SSLServerSocket | API reference | Android Developers (original) (raw)
abstract class SSLServerSocket : ServerSocket
This class extends ServerSockets and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Instances of this class are generally created using a SSLServerSocketFactory. The primary function of SSLServerSockets is to create SSLSockets by accepting connections.
SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.
Summary
| Protected constructors |
|---|
| SSLServerSocket() Used only by subclasses. |
| SSLServerSocket(port: Int) Used only by subclasses. |
| SSLServerSocket(port: Int, backlog: Int) Used only by subclasses. |
| SSLServerSocket(port: Int, backlog: Int, address: InetAddress!) Used only by subclasses. |
| Public methods | |
|---|---|
| abstract Boolean | getEnableSessionCreation() Returns true if new SSL sessions may be established by the sockets which are created from this server socket. |
| abstract Array<String!>! | getEnabledCipherSuites() Returns the list of cipher suites which are currently enabled for use by newly accepted connections. |
| abstract Array<String!>! | getEnabledProtocols() Returns the names of the protocols which are currently enabled for use by the newly accepted connections. |
| abstract Boolean | getNeedClientAuth() Returns true if client authentication will be required on newly accepted server-mode SSLSockets. |
| open SSLParameters! | getSSLParameters() Returns the SSLParameters in effect for newly accepted connections. |
| abstract Array<String!>! | getSupportedCipherSuites() Returns the names of the cipher suites which could be enabled for use on an SSL connection. |
| abstract Array<String!>! | getSupportedProtocols() Returns the names of the protocols which could be enabled for use. |
| abstract Boolean | getUseClientMode() Returns true if accepted connections will be in SSL client mode. |
| abstract Boolean | getWantClientAuth() Returns true if client authentication will be requested on newly accepted server-mode connections. |
| abstract Unit | setEnableSessionCreation(flag: Boolean) Controls whether new SSL sessions may be established by the sockets which are created from this server socket. |
| abstract Unit | setEnabledCipherSuites(suites: Array<String!>!) Sets the cipher suites enabled for use by accepted connections. |
| abstract Unit | setEnabledProtocols(protocols: Array<String!>!) Controls which particular protocols are enabled for use by accepted connections. |
| abstract Unit | setNeedClientAuth(need: Boolean) Controls whether accepted server-mode SSLSockets will be initially configured to require client authentication. |
| open Unit | setSSLParameters(params: SSLParameters!) Applies SSLParameters to newly accepted connections. |
| abstract Unit | setUseClientMode(mode: Boolean) Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode. |
| abstract Unit | setWantClientAuth(want: Boolean) Controls whether accepted server-mode SSLSockets will be initially configured to request client authentication. |
| open String | toString() |
| Inherited functions |
|---|
| From class ServerSocket Socket! accept() Listens for a connection to be made to this socket and accepts it. The method blocks until a connection is made. A new Socket s is created and, if there is a security manager, the security manager's checkAccept method is called with s.getInetAddress().getHostAddress() and s.getPort() as its arguments to ensure the operation is allowed. This could result in a SecurityException. Unit bind(endpoint: SocketAddress!) Binds the ServerSocket to a specific address (IP address and port number). If the address is null, then the system will pick up an ephemeral port and a valid local address to bind the socket. Unit bind(endpoint: SocketAddress!, backlog: Int) Binds the ServerSocket to a specific address (IP address and port number). If the address is null, then the system will pick up an ephemeral port and a valid local address to bind the socket. The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0. If it is less than or equal to 0, then an implementation specific default will be used. Unit close() Closes this socket. Any thread currently blocked in accept() will throw a SocketException. If this socket has an associated channel then the channel is closed as well. ServerSocketChannel! getChannel() Returns the unique java.nio.channels.ServerSocketChannel object associated with this socket, if any. A server socket will have a channel if, and only if, the channel itself was created via the ServerSocketChannel.open method. InetAddress! getInetAddress() Returns the local address of this server socket. If the socket was bound prior to being #close, then this method will continue to return the local address after the socket is closed. If there is a security manager set, its checkConnect method is called with the local address and -1 as its arguments to see if the operation is allowed. If the operation is not allowed, the loopback address is returned. Int getLocalPort() Returns the port number on which this socket is listening. If the socket was bound prior to being #close, then this method will continue to return the port number after the socket is closed. SocketAddress! getLocalSocketAddress() Returns the address of the endpoint this socket is bound to. If the socket was bound prior to being #close, then this method will continue to return the address of the endpoint after the socket is closed. If there is a security manager set, its checkConnect method is called with the local address and -1 as its arguments to see if the operation is allowed. If the operation is not allowed, a SocketAddress representing the loopback address and the local port to which the socket is bound is returned. T getOption(name: SocketOption<T>!) Returns the value of a socket option. Int getReceiveBufferSize() Gets the value of the SO_RCVBUF option for this ServerSocket, that is the proposed buffer size that will be used for Sockets accepted from this ServerSocket. Note, the value actually set in the accepted socket is determined by calling Socket.getReceiveBufferSize(). Boolean getReuseAddress() Tests if SO_REUSEADDR is enabled. Int getSoTimeout() Retrieve setting for SO_TIMEOUT. 0 returns implies that the option is disabled (i.e., timeout of infinity). Unit implAccept(s: Socket!) Subclasses of ServerSocket use this method to override accept() to return their own subclass of socket. So a FooServerSocket will typically hand this method an empty FooSocket. On return from implAccept the FooSocket will be connected to a client. Boolean isBound() Returns the binding state of the ServerSocket. Boolean isClosed() Returns the closed state of the ServerSocket. ServerSocket! setOption(name: SocketOption<T>!, value: T) Sets the value of a socket option. Unit setPerformancePreferences(connectionTime: Int, latency: Int, bandwidth: Int) Sets performance preferences for this ServerSocket. Sockets use the TCP/IP protocol by default. Some implementations may offer alternative protocols which have different performance characteristics than TCP/IP. This method allows the application to express its own preferences as to how these tradeoffs should be made when the implementation chooses from the available protocols. Performance preferences are described by three integers whose values indicate the relative importance of short connection time, low latency, and high bandwidth. The absolute values of the integers are irrelevant; in order to choose a protocol the values are simply compared, with larger values indicating stronger preferences. If the application prefers short connection time over both low latency and high bandwidth, for example, then it could invoke this method with the values (1, 0, 0). If the application prefers high bandwidth above low latency, and low latency above short connection time, then it could invoke this method with the values (0, 1, 2). Invoking this method after this socket has been bound will have no effect. This implies that in order to use this capability requires the socket to be created with the no-argument constructor. Unit setReceiveBufferSize(size: Int) Sets a default proposed value for the SO_RCVBUF option for sockets accepted from this ServerSocket. The value actually set in the accepted socket must be determined by calling Socket.getReceiveBufferSize() after the socket is returned by accept(). The value of SO_RCVBUF is used both to set the size of the internal socket receive buffer, and to set the size of the TCP receive window that is advertized to the remote peer. It is possible to change the value subsequently, by calling Socket.setReceiveBufferSize(int). However, if the application wishes to allow a receive window larger than 64K bytes, as defined by RFC1323 then the proposed value must be set in the ServerSocket before it is bound to a local address. This implies, that the ServerSocket must be created with the no-argument constructor, then setReceiveBufferSize() must be called and lastly the ServerSocket is bound to an address by calling bind(). Failure to do this will not cause an error, and the buffer size may be set to the requested value but the TCP receive window in sockets accepted from this ServerSocket will be no larger than 64K bytes. Unit setReuseAddress(on: Boolean) Enable/disable the SO_REUSEADDR socket option. When a TCP connection is closed the connection may remain in a timeout state for a period of time after the connection is closed (typically known as the TIME_WAIT state or 2MSL wait state). For applications using a well known socket address or port it may not be possible to bind a socket to the required SocketAddress if there is a connection in the timeout state involving the socket address or port. Enabling SO_REUSEADDR prior to binding the socket using bind(java.net.SocketAddress) allows the socket to be bound even though a previous connection is in a timeout state. When a ServerSocket is created the initial setting of SO_REUSEADDR is not defined. Applications can use getReuseAddress() to determine the initial setting of SO_REUSEADDR. The behaviour when SO_REUSEADDR is enabled or disabled after a socket is bound (See isBound()) is not defined. Unit setSoTimeout(timeout: Int) Enable/disable SO_TIMEOUT with the specified timeout, in milliseconds. With this option set to a non-zero timeout, a call to accept() for this ServerSocket will block for only this amount of time. If the timeout expires, a java.net.SocketTimeoutException is raised, though the ServerSocket is still valid. The option must be enabled prior to entering the blocking operation to have effect. The timeout must be > 0. A timeout of zero is interpreted as an infinite timeout. Unit setSocketFactory(fac: SocketImplFactory!) Sets the server socket implementation factory for the application. The factory can be specified only once. When an application creates a new server socket, the socket implementation factory's createSocketImpl method is called to create the actual socket implementation. Passing null to the method is a no-op unless the factory was already set. If there is a security manager, this method first calls the security manager's checkSetFactory method to ensure the operation is allowed. This could result in a SecurityException. MutableSet<SocketOption<*>!>! supportedOptions() Returns a set of the socket options supported by this server socket. This method will continue to return the set of options even after the socket has been closed. |
Protected constructors
SSLServerSocket
protected SSLServerSocket()
Used only by subclasses.
Create an unbound TCP server socket using the default authentication context.
| Exceptions | |
|---|---|
| java.io.IOException | if an I/O error occurs when creating the socket |
SSLServerSocket
protected SSLServerSocket(port: Int)
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.
A port number of 0 creates a socket on any free port.
If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
| Parameters | |
|---|---|
| port | Int: the port on which to listen |
| Exceptions | |
|---|---|
| java.io.IOException | if an I/O error occurs when creating the socket |
| java.lang.SecurityException | if a security manager exists and its checkListen method doesn't allow the operation. |
| java.lang.IllegalArgumentException | if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. |
SSLServerSocket
protected SSLServerSocket(
port: Int,
backlog: Int)
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.
A port number of 0 creates a socket on any free port.
The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0. If it is less than or equal to 0, then an implementation specific default will be used.
If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
| Parameters | |
|---|---|
| port | Int: the port on which to listen |
| backlog | Int: requested maximum length of the queue of incoming connections. |
| Exceptions | |
|---|---|
| java.io.IOException | if an I/O error occurs when creating the socket |
| java.lang.SecurityException | if a security manager exists and its checkListen method doesn't allow the operation. |
| java.lang.IllegalArgumentException | if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. |
SSLServerSocket
protected SSLServerSocket(
port: Int,
backlog: Int,
address: InetAddress!)
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.
If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
A port number of 0 creates a socket on any free port.
The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0. If it is less than or equal to 0, then an implementation specific default will be used.
If address is null, it will default accepting connections on any/all local addresses.
| Parameters | |
|---|---|
| port | Int: the port on which to listen |
| backlog | Int: requested maximum length of the queue of incoming connections. |
| address | InetAddress!: the address of the network interface through which connections will be accepted |
| Exceptions | |
|---|---|
| java.io.IOException | if an I/O error occurs when creating the socket |
| java.lang.SecurityException | if a security manager exists and its checkListen method doesn't allow the operation. |
| java.lang.IllegalArgumentException | if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive. |
Public methods
getEnableSessionCreation
abstract fun getEnableSessionCreation(): Boolean
Returns true if new SSL sessions may be established by the sockets which are created from this server socket.
| Return | |
|---|---|
| Boolean | true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed |
getEnabledCipherSuites
abstract fun getEnabledCipherSuites(): Array<String!>!
Returns the list of cipher suites which are currently enabled for use by newly accepted connections.
If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites.
There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.
| Return | |
|---|---|
| Array<String!>! | an array of cipher suites enabled |
getEnabledProtocols
abstract fun getEnabledProtocols(): Array<String!>!
Returns the names of the protocols which are currently enabled for use by the newly accepted connections.
| Return | |
|---|---|
| Array<String!>! | an array of protocol names |
getSSLParameters
open fun getSSLParameters(): SSLParameters!
Returns the SSLParameters in effect for newly accepted connections. The ciphersuites and protocols of the returned SSLParameters are always non-null.
| Return | |
|---|---|
| SSLParameters! | the SSLParameters in effect for newly accepted connections |
getSupportedCipherSuites
abstract fun getSupportedCipherSuites(): Array<String!>!
Returns the names of the cipher suites which could be enabled for use on an SSL connection.
Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
Applications should not blindly enable all supported cipher suites. The supported cipher suites can include signaling cipher suite values that can cause connection problems if enabled inappropriately.
The proper way to use this method is to either check if a specific cipher suite is supported via Arrays.asList(getSupportedCipherSuites()).contains(...) or to filter a desired list of cipher suites to only the supported ones via desiredSuiteSet.retainAll(Arrays.asList(getSupportedCipherSuites())).
| Return | |
|---|---|
| Array<String!>! | an array of cipher suite names |
getSupportedProtocols
abstract fun getSupportedProtocols(): Array<String!>!
Returns the names of the protocols which could be enabled for use.
| Return | |
|---|---|
| Array<String!>! | an array of protocol names supported |
getUseClientMode
abstract fun getUseClientMode(): Boolean
Returns true if accepted connections will be in SSL client mode.
| Return | |
|---|---|
| Boolean | true if the connection should use SSL client mode. |
setEnableSessionCreation
abstract fun setEnableSessionCreation(flag: Boolean): Unit
Controls whether new SSL sessions may be established by the sockets which are created from this server socket.
SSLSockets returned from accept() inherit this setting.
| Parameters | |
|---|---|
| flag | Boolean: true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed. |
setEnabledCipherSuites
abstract fun setEnabledCipherSuites(suites: Array<String!>!): Unit
Sets the cipher suites enabled for use by accepted connections.
The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the suites parameter are enabled for use.
Suites that require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled.
SSLSockets returned from accept() inherit this setting.
| Parameters | |
|---|---|
| suites | Array<String!>!: Names of all the cipher suites to enable |
| Exceptions | |
|---|---|
| java.lang.IllegalArgumentException | when one or more of ciphers named by the parameter is not supported, or when the parameter is null. |
setEnabledProtocols
abstract fun setEnabledProtocols(protocols: Array<String!>!): Unit
Controls which particular protocols are enabled for use by accepted connections.
The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the protocols parameter are enabled for use.
Because of the way the protocol version is negotiated, connections will only be able to use a member of the lowest set of contiguous enabled protocol versions. For example, enabling TLSv1.2 and TLSv1 will result in connections only being able to use TLSv1.
SSLSockets returned from accept() inherit this setting.
| Parameters | |
|---|---|
| protocols | Array<String!>!: Names of all the protocols to enable. |
| Exceptions | |
|---|---|
| java.lang.IllegalArgumentException | when one or more of the protocols named by the parameter is not supported or when the protocols parameter is null. |
setNeedClientAuth
abstract fun setNeedClientAuth(need: Boolean): Unit
Controls whether accepted server-mode SSLSockets will be initially configured to require client authentication.
A socket's client authentication setting is one of the following:
- client authentication required
- client authentication requested
- no client authentication desired
Unlike [setWantClientAuth(boolean)](#setWantClientAuth%28kotlin.Boolean%29), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped.
Calling this method overrides any previous setting made by this method or [setWantClientAuth(boolean)](#setWantClientAuth%28kotlin.Boolean%29).
The initial inherited setting may be overridden by calling [SSLSocket.setNeedClientAuth(boolean)](/reference/kotlin/javax/net/ssl/SSLSocket#setNeedClientAuth%28kotlin.Boolean%29) or [SSLSocket.setWantClientAuth(boolean)](/reference/kotlin/javax/net/ssl/SSLSocket#setWantClientAuth%28kotlin.Boolean%29).
| Parameters | |
|---|---|
| need | Boolean: set to true if client authentication is required, or false if no client authentication is desired. |
See Also
<#getNeedClientAuth%28%29>[#setWantClientAuth(boolean)](#setWantClientAuth%28kotlin.Boolean%29)<#getWantClientAuth%28%29>[#setUseClientMode(boolean)](#setUseClientMode%28kotlin.Boolean%29)
setSSLParameters
open fun setSSLParameters(params: SSLParameters!): Unit
Applies SSLParameters to newly accepted connections.
This means:
- If
params.getCipherSuites()is non-null,setEnabledCipherSuites()is called with that value. - If
params.getProtocols()is non-null,setEnabledProtocols()is called with that value. - If
params.getNeedClientAuth()orparams.getWantClientAuth()returntrue,setNeedClientAuth(true)andsetWantClientAuth(true)are called, respectively; otherwisesetWantClientAuth(false)is called. - If
params.getServerNames()is non-null, the socket will configure its server names with that value. - If
params.getSNIMatchers()is non-null, the socket will configure its SNI matchers with that value.
| Parameters | |
|---|---|
| params | SSLParameters!: the parameters |
| Exceptions | |
|---|---|
| java.lang.IllegalArgumentException | if the setEnabledCipherSuites() or the setEnabledProtocols() call fails |
setUseClientMode
abstract fun setUseClientMode(mode: Boolean): Unit
Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.
Servers normally authenticate themselves, and clients are not required to do so.
In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.
SSLSockets returned from accept() inherit this setting.
| Parameters | |
|---|---|
| mode | Boolean: true if newly accepted connections should use SSL client mode. |
setWantClientAuth
abstract fun setWantClientAuth(want: Boolean): Unit
Controls whether accepted server-mode SSLSockets will be initially configured to request client authentication.
A socket's client authentication setting is one of the following:
- client authentication required
- client authentication requested
- no client authentication desired
Unlike [setNeedClientAuth(boolean)](#setNeedClientAuth%28kotlin.Boolean%29), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will continue.
Calling this method overrides any previous setting made by this method or [setNeedClientAuth(boolean)](#setNeedClientAuth%28kotlin.Boolean%29).
The initial inherited setting may be overridden by calling [SSLSocket.setNeedClientAuth(boolean)](/reference/kotlin/javax/net/ssl/SSLSocket#setNeedClientAuth%28kotlin.Boolean%29) or [SSLSocket.setWantClientAuth(boolean)](/reference/kotlin/javax/net/ssl/SSLSocket#setWantClientAuth%28kotlin.Boolean%29).
| Parameters | |
|---|---|
| want | Boolean: set to true if client authentication is requested, or false if no client authentication is desired. |
See Also
<#getWantClientAuth%28%29>[#setNeedClientAuth(boolean)](#setNeedClientAuth%28kotlin.Boolean%29)<#getNeedClientAuth%28%29>[#setUseClientMode(boolean)](#setUseClientMode%28kotlin.Boolean%29)
toString
open fun toString(): String
| Return | |
|---|---|
| String | a string representation of this socket. |