Methods of the SSLServerSocket Class

Once you’ve successfully created and initialized an SSLServerSocket, there are a lot of applications you can write using nothing more than the methods inherited from java.net.ServerSocket. However, there are times when you need to adjust its behavior a little. Like SSLSocket, SSLServerSocket provides methods to choose the cipher suites it uses, to manage sessions, and to establish whether clients are required to authenticate themselves. Most of these methods are very similar to the methods of the same name in SSLSocket. The difference is that they work on the server side and set the defaults for sockets accepted by an SSLServerSocket. In some cases, once an SSLSocket has been accepted, you can still use the methods of SSLSocket to configure that one socket rather than all sockets accepted by this SSLServerSocket.

Choosing the Cipher Suites

The SSLServerSocket class has the same three methods for determining which cipher suites are supported and enabled as SSLSocket does:

public abstract String[] getSupportedCipherSuites(  )
public abstract String[] getEnabledCipherSuites(  )
public abstract void     setEnabledCipherSuites(String[] suites)

These use the same suite names as the similarly named methods in SSLSocket. The difference is that these apply to all sockets accepted by the SSLServerSocket rather than to just one SSLSocket. For example, this code fragment has the effect of enabling anonymous, unauthenticated connections on the SSLServerSocket server. It relies on the names of these suites containing the string “_anon_”. This is true for Sun’s reference implementations, though there’s no guarantee that other implementers will follow this convention:

// Collect every supported suite whose name marks it as anonymous
String[] supported = server.getSupportedCipherSuites();
String[] anonCipherSuitesSupported = new String[supported.length];
int numAnonCipherSuitesSupported = 0;
for (int i = 0; i < supported.length; i++) {
  if (supported[i].indexOf("_anon_") > 0) {
    anonCipherSuitesSupported[numAnonCipherSuitesSupported++] = supported[i];
  }
}

// Append the anonymous suites to the suites that are already enabled
String[] oldEnabled = server.getEnabledCipherSuites();
String[] newEnabled = new String[oldEnabled.length + numAnonCipherSuitesSupported];
System.arraycopy(oldEnabled, 0, newEnabled, 0, oldEnabled.length);
System.arraycopy(anonCipherSuitesSupported, 0, newEnabled,
 oldEnabled.length, numAnonCipherSuitesSupported);

// Applies to every socket this server socket accepts from now on
server.setEnabledCipherSuites(newEnabled);

This fragment retrieves the list of both supported and enabled cipher suites using getSupportedCipherSuites( ) and getEnabledCipherSuites( ). It looks at the name of every supported suite to see whether it contains the substring “_anon_”. If it does, it’s added to a list of anonymous cipher suites. Once the list of anonymous cipher suites is built, it’s combined in a new array with the previous list of enabled cipher suites. This new array is then passed to setEnabledCipherSuites( ) so that both the previously enabled and the anonymous cipher suites can now be used.
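
The reverse operation, as an added example that is not from the original text: because anonymous suites authenticate neither side, a server normally removes them, along with NULL-encryption and export-grade suites, from the enabled list. The class name, the marker list and the helper methods are assumptions of this example, and it uses the same name-matching convention the text cautions about.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class and helper names, not from the book).
public class StripWeakSuites {

  // Name fragments for suites without authentication, without encryption,
  // or with export-grade keys. Matching on names is a convention only.
  private static final String[] WEAK_MARKERS = {"_anon_", "_NULL_", "_EXPORT_"};

  static boolean isWeak(String suite) {
    for (String marker : WEAK_MARKERS) {
      if (suite.contains(marker)) return true;
    }
    return false;
  }

  // Returns the input suites in their original order, minus the weak ones.
  static String[] withoutWeak(String[] suites) {
    List<String> kept = new ArrayList<>();
    for (String suite : suites) {
      if (!isWeak(suite)) kept.add(suite);
    }
    return kept.toArray(new String[0]);
  }

  public static void main(String[] args) throws IOException {
    SSLServerSocketFactory factory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    // Port 0 lets the OS pick a free port; nothing is accepted here.
    try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(0)) {
      String[] supported = server.getSupportedCipherSuites();
      int weakSupported = supported.length - withoutWeak(supported).length;
      System.out.println("weak suites the provider supports: " + weakSupported);

      // Start from what is enabled, never from what is merely supported.
      String[] hardened = withoutWeak(server.getEnabledCipherSuites());
      if (hardened.length == 0) {
        throw new IllegalStateException("no acceptable cipher suite left");
      }
      server.setEnabledCipherSuites(hardened);  // applies to every accepted socket
      System.out.println("enabled after filtering: " + hardened.length);
    }
  }
}
```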

Session Management

Both client and server must agree to establish a session for multisocket secure sessions to be allowed. The server side uses the setEnableSessionCreation( ) method to specify whether this will be allowed and the getEnableSessionCreation( ) method to determine whether this is currently allowed:

public abstract void setEnableSessionCreation(boolean allowSessions)
public abstract boolean getEnableSessionCreation(  )

Session creation is enabled by default. If the server disallows session creation, then a client that wants a session will still be able to connect. It just won’t get a session and will have to handshake again for every socket. Similarly, if the client refuses sessions, but the server allows them, then they’ll still be able to talk to each other but without sessions.

Client Mode

The SSLServerSocket class has two methods for determining and specifying whether client sockets are required to authenticate themselves to the server. By passing true to the setNeedClientAuth( ) method, you specify that only connections where the client is able to authenticate itself will be accepted. By passing false, you specify that authentication is not required of clients. The default is false. If for some reason you need to know what the current state of this property is, the getNeedClientAuth( ) method will tell you:

public abstract void setNeedClientAuth(boolean flag)
public abstract boolean getNeedClientAuth(  )

The setUseClientMode( ) method allows a program to indicate that even though it has created an SSLServerSocket, it is and should be treated as a client in the communication with respect to authentication and other negotiations. For example, in an FTP session, the client program opens a server socket to receive data from the server, but that doesn’t make it less of a client. The getUseClientMode( ) method returns true if the SSLServerSocket is in client mode, false otherwise:

public abstract void setUseClientMode(boolean flag)
public abstract boolean getUseClientMode(  )
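
How the server-side defaults from the Session Management and Client Mode sections reach accepted sockets, as an added example that is not from the original text: settings made on the SSLServerSocket are copied to each accepted SSLSocket, and a change on one accepted socket leaves the server-wide default alone. The class name is an assumption, and the code is written against JDK 11 or later, where accept( ) returns before any handshake and so runs without key material.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name, not from the book).
public class InheritedServerDefaults {
  public static void main(String[] args) throws IOException {
    SSLServerSocketFactory factory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    InetAddress loopback = InetAddress.getLoopbackAddress();

    // Port 0: any free port. Backlog 1. Bound to loopback only.
    try (SSLServerSocket server =
             (SSLServerSocket) factory.createServerSocket(0, 1, loopback)) {
      server.setNeedClientAuth(true);          // every client must present a certificate
      server.setEnableSessionCreation(false);  // no sessions: handshake per socket

      // A bare TCP connect is enough for accept() to return; the SSL
      // handshake only starts on first read or write, which never happens here.
      try (Socket probe = new Socket(loopback, server.getLocalPort());
           SSLSocket accepted = (SSLSocket) server.accept()) {
        System.out.println("accepted needClientAuth:       "
            + accepted.getNeedClientAuth());
        System.out.println("accepted enableSessionCreation: "
            + accepted.getEnableSessionCreation());
        System.out.println("accepted useClientMode:         "
            + accepted.getUseClientMode());

        // Relax the requirement for this one connection only; the
        // server-wide default for later accepts is read back afterwards.
        accepted.setNeedClientAuth(false);
        System.out.println("after per-socket override, socket: "
            + accepted.getNeedClientAuth()
            + ", server default: " + server.getNeedClientAuth());
      }
    }
  }
}
```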
               
               