You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.

Skip to main content

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.mozilla.jss.ssl
Class SSLServerSocket

java.lang.Object
  extended by java.net.ServerSocket
      extended by org.mozilla.jss.ssl.SSLServerSocket

public class SSLServerSocket
extends java.net.ServerSocket

SSL server socket.

Field Summary
static int DEFAULT_BACKLOG
          The default size of the listen queue.
 
Constructor Summary
SSLServerSocket(int port)
          Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog)
          Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr)
          Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback)
          Creates a server socket listening on the given port.
SSLServerSocket(int port, int backlog, java.net.InetAddress bindAddr, SSLCertificateApprovalCallback certApprovalCallback, boolean reuseAddr)
          Creates a server socket listening on the given port.
 
Method Summary
 java.net.Socket accept()
          Accepts a connection.
 void bypassPKCS11(boolean enable)
          Enables the bypass of PKCS11 for performance on this socket.
static void clearSessionCache()
          Empties the SSL client session ID cache.
 void close()
          Closes this socket.
static void configServerSessionIDCache(int maxSidEntries, int ssl2EntryTimeout, int ssl3EntryTimeout, java.lang.String cacheFileDirectory)
          Configures the session ID cache.
 void enableFDX(boolean enable)
          Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.
 void enableRollbackDetection(boolean enable)
          Enable rollback detection for this socket.
 void enableSSL2(boolean enable)
          Enables SSL v2 on this socket.
 void enableSSL3(boolean enable)
          Enables SSL v3 on this socket.
 void enableStepDown(boolean enable)
          This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.
 void enableTLS(boolean enable)
          Enables TLS on this socket.
 void enableV2CompatibleHello(boolean enable)
          Enable sending v3 client hello in v2 format for this socket.
protected  void finalize()
           
 java.net.InetAddress getInetAddress()
           
 int getLocalPort()
           
 boolean getReuseAddress()
           
 int getSoTimeout()
          Returns the current value of the SO_TIMEOUT socket option.
 java.lang.String getSSLOptions()
           
 void requestClientAuth(boolean b)
          Enables/disables the request of client authentication.
 void requireClientAuth(boolean require, boolean onRedo)
          Deprecated. use requireClientAuth(int)
 void requireClientAuth(int mode)
          Sets whether the socket requires client authentication from the remote peer.
 void setClientCert(X509Certificate cert)
          Sets the certificate to use for client authentication.
 void setClientCertNickname(java.lang.String nick)
          Sets the nickname of the certificate to use for client authentication.
 void setNeedClientAuth(boolean b)
          Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.
 void setNeedClientAuthNoExpiryCheck(boolean b)
          Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.
 void setReuseAddress(boolean reuse)
           
 void setServerCert(X509Certificate certnickname)
          Sets the certificate to use for server authentication.
 void setServerCertNickname(java.lang.String nick)
          Sets the certificate to use for server authentication.
 void setSoTimeout(int timeout)
          Sets the SO_TIMEOUT socket option.
 void setUseClientMode(boolean b)
          Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.
 java.lang.String toString()
          Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
 void useCache(boolean b)
          Enables/disables the session cache.
 
Methods inherited from class java.net.ServerSocket
bind, bind, getChannel, getLocalSocketAddress, getReceiveBufferSize, implAccept, isBound, isClosed, setPerformancePreferences, setReceiveBufferSize, setSocketFactory
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

DEFAULT_BACKLOG

public static final int DEFAULT_BACKLOG
The default size of the listen queue.

See Also:
Constant Field Values
Constructor Detail

SSLServerSocket

public SSLServerSocket(int port)
                throws java.io.IOException
Creates a server socket listening on the given port. The listen queue will be of size DEFAULT_BACKLOG.

Throws:
java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
                       int backlog)
                throws java.io.IOException
Creates a server socket listening on the given port.

Parameters:
backlog - The size of the socket's listen queue.
Throws:
java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
                       int backlog,
                       java.net.InetAddress bindAddr)
                throws java.io.IOException
Creates a server socket listening on the given port.

Parameters:
backlog - The size of the socket's listen queue.
bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
Throws:
java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
                       int backlog,
                       java.net.InetAddress bindAddr,
                       SSLCertificateApprovalCallback certApprovalCallback)
                throws java.io.IOException
Creates a server socket listening on the given port.

Parameters:
backlog - The size of the socket's listen queue.
bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
certApprovalCallback - Will get called to approve any certificate presented by the client.
Throws:
java.io.IOException

SSLServerSocket

public SSLServerSocket(int port,
                       int backlog,
                       java.net.InetAddress bindAddr,
                       SSLCertificateApprovalCallback certApprovalCallback,
                       boolean reuseAddr)
                throws java.io.IOException
Creates a server socket listening on the given port.

Parameters:
backlog - The size of the socket's listen queue.
bindAddr - The local address to which to bind. If null, an unspecified local address will be bound to.
certApprovalCallback - Will get called to approve any certificate presented by the client.
reuseAddr - Reuse the local bind port; this parameter sets the SO_REUSEADDR option on the socket before calling bind(). The default is false for backward compatibility.
Throws:
java.io.IOException
Method Detail

accept

public java.net.Socket accept()
                       throws java.io.IOException
Accepts a connection. This call will block until a connection is made or the timeout is reached.

Overrides:
accept in class java.net.ServerSocket
Returns:
java.net.Socket Local socket for client communication
Throws:
java.io.IOException - If an input or output exception occurred
java.net.SocketTimeoutException - If the socket timesout trying to connect
InterruptedIOException - If an input or output is interrupted
SSLSocketException - JSS subclass of java.net.SocketException

setSoTimeout

public void setSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option.

Overrides:
setSoTimeout in class java.net.ServerSocket
Parameters:
timeout - The timeout time in milliseconds.

getSoTimeout

public int getSoTimeout()
Returns the current value of the SO_TIMEOUT socket option.

Overrides:
getSoTimeout in class java.net.ServerSocket
Returns:
The timeout time in milliseconds.

setReuseAddress

public void setReuseAddress(boolean reuse)
                     throws java.net.SocketException
Overrides:
setReuseAddress in class java.net.ServerSocket
Throws:
java.net.SocketException

getReuseAddress

public boolean getReuseAddress()
                        throws java.net.SocketException
Overrides:
getReuseAddress in class java.net.ServerSocket
Throws:
java.net.SocketException

clearSessionCache

public static void clearSessionCache()
Empties the SSL client session ID cache.

finalize

protected void finalize()
                 throws java.lang.Throwable
Overrides:
finalize in class java.lang.Object
Throws:
java.lang.Throwable

getLocalPort

public int getLocalPort()
Overrides:
getLocalPort in class java.net.ServerSocket
Returns:
The local port.

close

public void close()
           throws java.io.IOException
Closes this socket.

Overrides:
close in class java.net.ServerSocket
Throws:
java.io.IOException

configServerSessionIDCache

public static void configServerSessionIDCache(int maxSidEntries,
                                              int ssl2EntryTimeout,
                                              int ssl3EntryTimeout,
                                              java.lang.String cacheFileDirectory)
                                       throws java.net.SocketException
Configures the session ID cache.

Parameters:
maxSidEntries - The maximum number of entries in the cache. If 0 is passed, the default of 10,000 is used.
ssl2EntryTimeout - The lifetime in seconds of an SSL2 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
ssl3EntryTimeout - The lifetime in seconds of an SSL3 session. The minimum timeout value is 5 seconds and the maximum is 24 hours. Values outside this range are replaced by the server default value of 100 seconds.
cacheFileDirectory - The pathname of the directory that will contain the session cache. If null is passed, the server default is used: /tmp on Unix and \\temp on Windows.
Throws:
java.net.SocketException

setServerCertNickname

public void setServerCertNickname(java.lang.String nick)
                           throws java.net.SocketException
Sets the certificate to use for server authentication.

Throws:
java.net.SocketException

setServerCert

public void setServerCert(X509Certificate certnickname)
                   throws java.net.SocketException
Sets the certificate to use for server authentication.

Throws:
java.net.SocketException

requestClientAuth

public void requestClientAuth(boolean b)
                       throws java.net.SocketException
Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

Throws:
java.net.SocketException
See Also:
requireClientAuth(boolean, boolean)

setNeedClientAuth

public void setNeedClientAuth(boolean b)
                       throws java.net.SocketException
Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.

Throws:
java.net.SocketException

setNeedClientAuthNoExpiryCheck

public void setNeedClientAuthNoExpiryCheck(boolean b)
                                    throws java.net.SocketException
Deprecated. As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.

Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

In addition, the client certificate's expiration will not prevent it from being accepted.

Throws:
java.net.SocketException
See Also:
public void requestClientAuthNoExpiryCheck(boolean b) throws SocketException { base.requestClientAuthNoExpiryCheck(b); } /**

enableSSL2

public void enableSSL2(boolean enable)
                throws java.net.SocketException
Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL2Default.

Throws:
java.net.SocketException

enableSSL3

public void enableSSL3(boolean enable)
                throws java.net.SocketException
Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableSSL3Default.

Throws:
java.net.SocketException

enableTLS

public void enableTLS(boolean enable)
               throws java.net.SocketException
Enables TLS on this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableTLSDefault.

Throws:
java.net.SocketException

bypassPKCS11

public void bypassPKCS11(boolean enable)
                  throws java.net.SocketException
Enables the bypass of PKCS11 for performance on this socket. It is disabled by default, unless the default has been changed with SSLSocket.bypassPKCS11Default.

Throws:
java.net.SocketException

enableRollbackDetection

public void enableRollbackDetection(boolean enable)
                             throws java.net.SocketException
Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableRollbackDetectionDefault.

Throws:
java.net.SocketException

enableStepDown

public void enableStepDown(boolean enable)
                    throws java.net.SocketException
This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys enable=false: don't generate step-down keys; disable export cipher suites This option is enabled by default; unless the default has been changed with SSLSocket.enableStepDownDefault.

Throws:
java.net.SocketException

enableFDX

public void enableFDX(boolean enable)
               throws java.net.SocketException
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with SSLSocket.enableFDXDefault.

Throws:
java.net.SocketException

enableV2CompatibleHello

public void enableV2CompatibleHello(boolean enable)
                             throws java.net.SocketException
Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with SSLSocket.enableV2CompatibleHelloDefault.

Throws:
java.net.SocketException

getSSLOptions

public java.lang.String getSSLOptions()
Returns:
a String listing the current SSLOptions for this socket.

getInetAddress

public java.net.InetAddress getInetAddress()
Overrides:
getInetAddress in class java.net.ServerSocket
Returns:
the local address of this server socket.

requireClientAuth

public void requireClientAuth(boolean require,
                              boolean onRedo)
                       throws java.net.SocketException
Deprecated. use requireClientAuth(int)

Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

Throws:
java.net.SocketException

requireClientAuth

public void requireClientAuth(int mode)
                       throws java.net.SocketException
Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

Parameters:
mode - One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR
Throws:
java.net.SocketException

setClientCertNickname

public void setClientCertNickname(java.lang.String nick)
                           throws java.net.SocketException
Sets the nickname of the certificate to use for client authentication.

Throws:
java.net.SocketException

setClientCert

public void setClientCert(X509Certificate cert)
                   throws java.net.SocketException
Sets the certificate to use for client authentication.

Throws:
java.net.SocketException

setUseClientMode

public void setUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the server.

Parameters:
b - true if this end of the socket is the SSL slient, false if it is the SSL server.

useCache

public void useCache(boolean b)
              throws java.net.SocketException
Enables/disables the session cache. By default, the session cache is enabled.

Throws:
java.net.SocketException

toString

public java.lang.String toString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

Overrides:
toString in class java.net.ServerSocket
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD