Package org.mozilla.jss.ssl

Class SSLServerSocket

java.lang.Object
java.net.ServerSocket
org.mozilla.jss.ssl.SSLServerSocket
All Implemented Interfaces:
Closeable, AutoCloseable
public class SSLServerSocket extends ServerSocket
SSL server socket.

  • Field Details

    • sockProxy

      private SocketProxy sockProxy

    • handshakeAsClient

      private boolean handshakeAsClient

    • base

      private SocketBase base

    • isClosed

      private boolean isClosed

    • inAccept

      private boolean inAccept

    • acceptLock

      private Object acceptLock

    • DEFAULT_BACKLOG

      public static final int DEFAULT_BACKLOG
      The default size of the listen queue.
      See Also:

    • UNIX_TEMP_DIR

      private static final String UNIX_TEMP_DIR
      See Also:

    • WINDOWS_TEMP_DIR

      private static final String WINDOWS_TEMP_DIR
      See Also:

  • Constructor Details

    • SSLServerSocket

      public SSLServerSocket(int port) throws IOException
      Creates a server socket listening on the given port. The listen queue will be of size DEFAULT_BACKLOG.
      Throws:
      IOException

    • SSLServerSocket

      public SSLServerSocket(int port, int backlog) throws IOException
      Creates a server socket listening on the given port.
      Parameters:
      backlog - The size of the socket's listen queue.
      Throws:
      IOException

    • SSLServerSocket

      public SSLServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException
      Creates a server socket listening on the given port.
      Parameters:
      backlog - The size of the socket's listen queue.
      bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
      Throws:
      IOException

    • SSLServerSocket

      public SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback) throws IOException
      Creates a server socket listening on the given port.
      Parameters:
      backlog - The size of the socket's listen queue.
      bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
      certApprovalCallback - Will get called to approve any certificate presented by the client.
      Throws:
      IOException

    • SSLServerSocket

      public SSLServerSocket(int port, int backlog, InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr) throws IOException
      Creates a server socket listening on the given port.
      Parameters:
      backlog - The size of the socket's listen queue.
      bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
      certApprovalCallback - Will get called to approve any certificate presented by the client.
      reuseAddr - Reuse the local bind port; this parameter sets the SO_REUSEADDR option on the socket before calling bind(). The default is false for backward compatibility.
      Throws:
      IOException

  • Method Details

    • socketListen

      private void socketListen(int backlog) throws SocketException
      Throws:
      SocketException

    • accept

      public Socket accept() throws IOException
      Accepts a connection. This call will block until a connection is made or the timeout is reached.
      Overrides:
      accept in class ServerSocket
      Returns:
      java.net.Socket Local socket for client communication
      Throws:
      IOException - If an input or output exception occurred
      SocketTimeoutException - If the socket times out trying to connect
      SSLSocketException - JSS subclass of java.net.SocketException

    • setSoTimeout

      public void setSoTimeout(int timeout)
      Sets the SO_TIMEOUT socket option.
      Overrides:
      setSoTimeout in class ServerSocket
      Parameters:
      timeout - The timeout time in milliseconds.

    • getSoTimeout

      public int getSoTimeout()
      Returns the current value of the SO_TIMEOUT socket option.
      Overrides:
      getSoTimeout in class ServerSocket
      Returns:
      The timeout time in milliseconds.

    • setReuseAddress

      public void setReuseAddress(boolean reuse) throws SocketException
      Overrides:
      setReuseAddress in class ServerSocket
      Throws:
      SocketException

    • getReuseAddress

      public boolean getReuseAddress() throws SocketException
      Overrides:
      getReuseAddress in class ServerSocket
      Throws:
      SocketException

    • abortAccept

      private void abortAccept() throws SocketException
      Throws:
      SocketException

    • socketAccept

      private byte[] socketAccept(SSLSocket s, int timeout, boolean handshakeAsClient) throws SocketException, SocketTimeoutException
      Throws:
      SocketException
      SocketTimeoutException

    • clearSessionCache

      public static void clearSessionCache()
      Empties the SSL client session ID cache.

    • finalize

      @Deprecated protected void finalize() throws Throwable
      Deprecated.
      finalize() in Object has been deprecated
      Overrides:
      finalize in class Object
      Throws:
      Throwable

    • getLocalPort

      public int getLocalPort()
      Overrides:
      getLocalPort in class ServerSocket
      Returns:
      The local port.

    • close

      public void close() throws IOException
      Closes this socket.
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Overrides:
      close in class ServerSocket
      Throws:
      IOException

    • configServerSessionIDCache

      public static void configServerSessionIDCache(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, String cacheFileDirectory) throws SocketException
      Configures the session ID cache.
      Parameters:
      maxSidEntries - The maximum number of entries in the cache. If 0 is passed, the default of 10,000 is used.
      ssl2EntryTimeout - The lifetime in seconds of an SSL2 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
      ssl3EntryTimeout - The lifetime in seconds of an SSL3 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
      cacheFileDirectory - The pathname of the directory that will contain the session cache. If null is passed, the server default is used: /tmp on Unix and \\temp on Windows.
      Throws:
      SocketException

    • setServerCertNickname

      public void setServerCertNickname(String nick) throws SocketException
      Sets the certificate to use for server authentication.
      Throws:
      SocketException

    • setServerCert

      public void setServerCert(X509Certificate certnickname) throws SocketException
      Sets the certificate to use for server authentication.
      Throws:
      SocketException

    • requestClientAuth

      public void requestClientAuth(boolean b) throws SocketException
      Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.
      Throws:
      SocketException
      See Also:

    • setNeedClientAuth

      @Deprecated public void setNeedClientAuth(boolean b) throws SocketException
      Deprecated.
      As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
      Throws:
      SocketException

    • setNeedClientAuthNoExpiryCheck

      @Deprecated public void setNeedClientAuthNoExpiryCheck(boolean b) throws SocketException
      Deprecated.
      As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
      Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

      In addition, the client certificate's expiration will not prevent it from being accepted.

      Throws:
      SocketException
      See Also:

    • enableSSL2

      public void enableSSL2(boolean enable) throws SocketException
      Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL2Default.
      Throws:
      SocketException

    • enableSSL3

      public void enableSSL3(boolean enable) throws SocketException
      Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL3Default.
      Throws:
      SocketException

    • enableTLS

      public void enableTLS(boolean enable) throws SocketException
      Enables TLS on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableTLSDefault.
      Throws:
      SocketException

    • enableSessionTickets

      public void enableSessionTickets(boolean enable) throws SocketException
      Enables Session tickets on this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableSessionTicketsDefault.
      Throws:
      SocketException

    • enableRenegotiation

      public void enableRenegotiation(int mode) throws SocketException
      Enables the mode of renegotiation that the peer must use. The default is never renegotiate at all unless the default has been changed with SSLSocket.enableRenegotiationDefault.
      Parameters:
      mode - One of: SSLSocket.SSL_RENEGOTIATE_NEVER - Never renegotiate at all. SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without restriction, whether or not the peer's hello bears the TLS renegotiation info extension. Vulnerable, as in the past. SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - Only renegotiate if the peer's hello bears the TLS renegotiation_info extension. This is safe renegotiation. SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe renegotiation in server sockets only, but allow clients to continue to renegotiate with vulnerable servers. This value should only be used during the transition period when few servers have been upgraded.
      Throws:
      SocketException

    • enableRequireSafeNegotiation

      public void enableRequireSafeNegotiation(boolean enable) throws SocketException
      For this socket require that the peer must send Signaling Cipher Suite Value (SCSV) or Renegotiation Info (RI) extension in ALL handshakes. It is disabled by default, unless the default has been changed with SSLSocket.enableRequireSafeNegotiationDefault.
      Throws:
      SocketException

    • enableRollbackDetection

      public void enableRollbackDetection(boolean enable) throws SocketException
      Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableRollbackDetectionDefault.
      Throws:
      SocketException

    • enableStepDown

      public void enableStepDown(boolean enable) throws SocketException
      This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default; unless the default has been changed with SSLSocket.enableStepDownDefault.
      Throws:
      SocketException

    • enableFDX

      public void enableFDX(boolean enable) throws SocketException
      Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableFDXDefault.
      Throws:
      SocketException

    • enableV2CompatibleHello

      public void enableV2CompatibleHello(boolean enable) throws SocketException
      Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableV2CompatibleHelloDefault.
      Throws:
      SocketException

    • getSSLOptions

      public String getSSLOptions()
      Returns:
      a String listing the current SSLOptions for this socket.

    • getInetAddress

      public InetAddress getInetAddress()
      Overrides:
      getInetAddress in class ServerSocket
      Returns:
      the local address of this server socket.

    • requireClientAuth

      @Deprecated public void requireClientAuth(boolean require, boolean onRedo) throws SocketException
      Deprecated.
      use requireClientAuth(int)
      Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
      Throws:
      SocketException

    • requireClientAuth

      public void requireClientAuth(int mode) throws SocketException
      Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.
      Parameters:
      mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
      Throws:
      SocketException

    • setClientCertNickname

      public void setClientCertNickname(String nick) throws SocketException
      Sets the nickname of the certificate to use for client authentication.
      Throws:
      SocketException

    • setClientCert

      public void setClientCert(X509Certificate cert) throws SocketException
      Sets the certificate to use for client authentication.
      Throws:
      SocketException

    • setUseClientMode

      public void setUseClientMode(boolean b)
      Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the server.
      Parameters:
      b - true if this end of the socket is the SSL slient, false if it is the SSL server.

    • useCache

      public void useCache(boolean b) throws SocketException
      Enables/disables the session cache. By default, the session cache is enabled.
      Throws:
      SocketException

    • toString

      public String toString()
      Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
      Overrides:
      toString in class ServerSocket