org.mozilla.jss.ssl

Class SSLServerSocket

java.lang.Object

java.net.ServerSocket

org.mozilla.jss.ssl.SSLServerSocket

All Implemented Interfaces:

java.io.Closeable, java.lang.AutoCloseable

public class SSLServerSocket
extends java.net.ServerSocket

SSL server socket.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_BACKLOG The default size of the listen queue.

Constructor Summary

Constructors

Constructor and Description
SSLServerSocket(int port) Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog) Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr) Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback) Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr) Creates a server socket listening on the given port.

Method Summary

Methods

Modifier and Type	Method and Description
java.net.Socket	accept() Accepts a connection.
void	bypassPKCS11(boolean enable) Enables the bypass of PKCS11 for performance on this socket.
static void	clearSessionCache() Empties the SSL client session ID cache.
void	close() Closes this socket.
static void	configServerSessionIDCache(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, java.lang.String cacheFileDirectory) Configures the session ID cache.
void	enableFDX(boolean enable) Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.
void	enableRollbackDetection(boolean enable) Enable rollback detection for this socket.
void	enableSSL2(boolean enable) Enables SSL v2 on this socket.
void	enableSSL3(boolean enable) Enables SSL v3 on this socket.
void	enableStepDown(boolean enable) This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.
void	enableTLS(boolean enable) Enables TLS on this socket.
void	enableV2CompatibleHello(boolean enable) Enable sending v3 client hello in v2 format for this socket.
protected void	finalize()
java.net.InetAddress	getInetAddress()
int	getLocalPort()
boolean	getReuseAddress()
int	getSoTimeout() Returns the current value of the SO_TIMEOUT socket option.
java.lang.String	getSSLOptions()
void	requestClientAuth(boolean b) Enables/disables the request of client authentication.
void	requireClientAuth(boolean require, boolean onRedo) Deprecated. use requireClientAuth(int)
void	requireClientAuth(int mode) Sets whether the socket requires client authentication from the remote peer.
void	setClientCert(X509Certificate cert) Sets the certificate to use for client authentication.
void	setClientCertNickname(java.lang.String nick) Sets the nickname of the certificate to use for client authentication.
void	setNeedClientAuth(boolean b) Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
void	setNeedClientAuthNoExpiryCheck(boolean b) Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
void	setReuseAddress(boolean reuse)
void	setServerCert(X509Certificate certnickname) Sets the certificate to use for server authentication.
void	setServerCertNickname(java.lang.String nick) Sets the certificate to use for server authentication.
void	setSoTimeout(int timeout) Sets the SO_TIMEOUT socket option.
void	setUseClientMode(boolean b) Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.
java.lang.String	toString() Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
void	useCache(boolean b) Enables/disables the session cache.

Methods inherited from class java.net.ServerSocket

bind, bind, getChannel, getLocalSocketAddress, getReceiveBufferSize, implAccept, isBound, isClosed, setPerformancePreferences, setReceiveBufferSize, setSocketFactory

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_BACKLOG

public static final int DEFAULT_BACKLOG

The default size of the listen queue.

See Also:

Constant Field Values

Constructor Detail

SSLServerSocket

public SSLServerSocket(int port)
                throws java.io.IOException

Creates a server socket listening on the given port. The listen queue will be of size DEFAULT_BACKLOG.

Throws:

java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
               int backlog)
                throws java.io.IOException

Creates a server socket listening on the given port.

Parameters:

backlog - The size of the socket's listen queue.

Throws:

java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
               int backlog,
               java.net.InetAddress bindAddr)
                throws java.io.IOException

Creates a server socket listening on the given port.

Parameters:

backlog - The size of the socket's listen queue.

bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.

Throws:

java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
               int backlog,
               java.net.InetAddress bindAddr,
               SSLCertificateApprovalCallback certApprovalCallback)
                throws java.io.IOException

Creates a server socket listening on the given port.

Parameters:

backlog - The size of the socket's listen queue.

bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.

certApprovalCallback - Will get called to approve any certificate presented by the client.

Throws:

java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
               int backlog,
               java.net.InetAddress bindAddr,
               SSLCertificateApprovalCallback certApprovalCallback,
               boolean reuseAddr)
                throws java.io.IOException

Creates a server socket listening on the given port.

Parameters:

backlog - The size of the socket's listen queue.

bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.

certApprovalCallback - Will get called to approve any certificate presented by the client.

reuseAddr - Reuse the local bind port; this parameter sets the SO_REUSEADDR option on the socket before calling bind(). The default is false for backward compatibility.

Throws:

java.io.IOException

Method Detail

accept

public java.net.Socket accept()
                       throws java.io.IOException

Accepts a connection. This call will block until a connection is made or the timeout is reached.

Overrides:

accept in class java.net.ServerSocket

Returns:

java.net.Socket Local socket for client communication

Throws:

java.io.IOException - If an input or output exception occurred

java.net.SocketTimeoutException - If the socket timesout trying to connect

InterruptedIOException - If an input or output is interrupted

SSLSocketException - JSS subclass of java.net.SocketException

setSoTimeout

public void setSoTimeout(int timeout)

Sets the SO_TIMEOUT socket option.

Overrides:

setSoTimeout in class java.net.ServerSocket

Parameters:

timeout - The timeout time in milliseconds.

getSoTimeout

public int getSoTimeout()

Returns the current value of the SO_TIMEOUT socket option.

Overrides:

getSoTimeout in class java.net.ServerSocket

Returns:

The timeout time in milliseconds.

setReuseAddress

public void setReuseAddress(boolean reuse)
                     throws java.net.SocketException

Overrides:

setReuseAddress in class java.net.ServerSocket

Throws:

java.net.SocketException

getReuseAddress

public boolean getReuseAddress()
                        throws java.net.SocketException

Overrides:

getReuseAddress in class java.net.ServerSocket

Throws:

java.net.SocketException

clearSessionCache

public static void clearSessionCache()

Empties the SSL client session ID cache.

finalize

protected void finalize()
                 throws java.lang.Throwable

Overrides:

finalize in class java.lang.Object

Throws:

java.lang.Throwable

getLocalPort

public int getLocalPort()

Overrides:

getLocalPort in class java.net.ServerSocket

Returns:

The local port.

close

public void close()
           throws java.io.IOException

Closes this socket.

Specified by:

close in interface java.io.Closeable

Specified by:

close in interface java.lang.AutoCloseable

Overrides:

close in class java.net.ServerSocket

Throws:

java.io.IOException

configServerSessionIDCache

public static void configServerSessionIDCache(int maxSidEntries,
                              int ssl2EntryTimeout,
                              int ssl3EntryTimeout,
                              java.lang.String cacheFileDirectory)
                                       throws java.net.SocketException

Configures the session ID cache.

Parameters:

maxSidEntries - The maximum number of entries in the cache. If 0 is passed, the default of 10,000 is used.

ssl2EntryTimeout - The lifetime in seconds of an SSL2 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.

ssl3EntryTimeout - The lifetime in seconds of an SSL3 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.

cacheFileDirectory - The pathname of the directory that will contain the session cache. If null is passed, the server default is used: /tmp on Unix and \\temp on Windows.

Throws:

java.net.SocketException

setServerCertNickname

public void setServerCertNickname(java.lang.String nick)
                           throws java.net.SocketException

Sets the certificate to use for server authentication.

Throws:

java.net.SocketException

setServerCert

public void setServerCert(X509Certificate certnickname)
                   throws java.net.SocketException

Sets the certificate to use for server authentication.

Throws:

java.net.SocketException

requestClientAuth

public void requestClientAuth(boolean b)
                       throws java.net.SocketException

Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

Throws:

java.net.SocketException

See Also:

requireClientAuth(boolean, boolean)

setNeedClientAuth

public void setNeedClientAuth(boolean b)
                       throws java.net.SocketException

Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.

Throws:

java.net.SocketException

setNeedClientAuthNoExpiryCheck

public void setNeedClientAuthNoExpiryCheck(boolean b)
                                    throws java.net.SocketException

Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.

Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

In addition, the client certificate's expiration will not prevent it from being accepted.

Throws:

java.net.SocketException

See Also:

public void requestClientAuthNoExpiryCheck(boolean b) throws SocketException { base.requestClientAuthNoExpiryCheck(b); } /**

enableSSL2

public void enableSSL2(boolean enable)
                throws java.net.SocketException

Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL2Default.

Throws:

java.net.SocketException

enableSSL3

public void enableSSL3(boolean enable)
                throws java.net.SocketException

Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL3Default.

Throws:

java.net.SocketException

enableTLS

public void enableTLS(boolean enable)
               throws java.net.SocketException

Enables TLS on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableTLSDefault.

Throws:

java.net.SocketException

bypassPKCS11

public void bypassPKCS11(boolean enable)
                  throws java.net.SocketException

Enables the bypass of PKCS11 for performance on this socket. It is disabled by default, unless the default has been changed with SSLSocket.bypassPKCS11Default.

Throws:

java.net.SocketException

enableRollbackDetection

public void enableRollbackDetection(boolean enable)
                             throws java.net.SocketException

Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableRollbackDetectionDefault.

Throws:

java.net.SocketException

enableStepDown

public void enableStepDown(boolean enable)
                    throws java.net.SocketException

This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default; unless the default has been changed with SSLSocket.enableStepDownDefault.

Throws:

java.net.SocketException

enableFDX

public void enableFDX(boolean enable)
               throws java.net.SocketException

Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableFDXDefault.

Throws:

java.net.SocketException

enableV2CompatibleHello

public void enableV2CompatibleHello(boolean enable)
                             throws java.net.SocketException

Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableV2CompatibleHelloDefault.

Throws:

java.net.SocketException

getSSLOptions

public java.lang.String getSSLOptions()

Returns:

a String listing the current SSLOptions for this socket.

getInetAddress

public java.net.InetAddress getInetAddress()

Overrides:

getInetAddress in class java.net.ServerSocket

Returns:

the local address of this server socket.

requireClientAuth

public void requireClientAuth(boolean require,
                     boolean onRedo)
                       throws java.net.SocketException

Deprecated. use requireClientAuth(int)

Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

Throws:

java.net.SocketException

requireClientAuth

public void requireClientAuth(int mode)
                       throws java.net.SocketException

Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

Parameters:

mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR

Throws:

java.net.SocketException

setClientCertNickname

public void setClientCertNickname(java.lang.String nick)
                           throws java.net.SocketException

Sets the nickname of the certificate to use for client authentication.

Throws:

java.net.SocketException

setClientCert

public void setClientCert(X509Certificate cert)
                   throws java.net.SocketException

Sets the certificate to use for client authentication.

Throws:

java.net.SocketException

setUseClientMode

public void setUseClientMode(boolean b)

Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the server.

Parameters:

b - true if this end of the socket is the SSL slient, false if it is the SSL server.

useCache

public void useCache(boolean b)
              throws java.net.SocketException

Enables/disables the session cache. By default, the session cache is enabled.

Throws:

java.net.SocketException

toString

public java.lang.String toString()

Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

Overrides:

toString in class java.net.ServerSocket