Class TLSSocketFactory

  extended byorg.apache.avalon.framework.logger.AbstractLogEnabled
      extended byorg.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
          extended byorg.apache.avalon.cornerstone.blocks.sockets.TLSSocketFactory
All Implemented Interfaces:
Configurable, Contextualizable, Initializable, LogEnabled, SocketFactory

public class TLSSocketFactory
extends AbstractTLSSocketFactory
implements SocketFactory, Contextualizable, Configurable, Initializable

Manufactures TLS client sockets. Configuration element inside a SocketManager would look like:

  <factory name="secure"
            class="org.apache.avalon.cornerstone.blocks.sockets.TLSSocketFactory" >
   <ssl-factory /> <!-- see SSLFactoryBuilder -->
   <timeout> 0 </timeout>
   <!-- if the value is greater than zero, a read() call on the
           InputStream associated with this Socket will block for only this
           amount of time in milliseconds. Default value is 0. -->
   <!-- whether or not the server identity should be verified.
           Defaults to false. -->

Server identity verification currently includes only comparing the certificate Common Name received with the host name in the passed address. Identity verification requires that SSL handshake is completed for the socket, so it takes longer to get a verified socket (and won't play well with non-blocking application like SEDA).

Another thing to keep in mind when using identity verification is that InetAddress objects for the remote hosts should be built using InetAddress.getByName(java.lang.String) with the host name (matching the certificate CN) as the argument. Failure to do so may cause relatively costly DNS lookups and false rejections caused by inconsistencies between forward and reverse resolution.

Peter Donald, Federico Barbieri, Charles Benett, Harish Prabandham, Costin Manolache, Craig McClanahan, Andrei Ivanov, Greg Steuck

Field Summary
Fields inherited from class org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
Constructor Summary
Method Summary
 void configure(Configuration configuration)
          Configures the factory.
 Socket createSocket(InetAddress address, int port)
          Creates a socket connected to the specified remote address.
 Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
          Creates a socket and connected to the specified remote address originating from specified local address.
protected  void visitBuilder(SSLFactoryBuilder builder)
          The child factories have to use an instance of SSLFactoryBuilder to obtain their factories.
Methods inherited from class org.apache.avalon.cornerstone.blocks.sockets.AbstractTLSSocketFactory
contextualize, initialize
Methods inherited from class org.apache.avalon.framework.logger.AbstractLogEnabled
enableLogging, getLogger, setupLogger, setupLogger, setupLogger
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.avalon.framework.context.Contextualizable
Methods inherited from interface org.apache.avalon.framework.activity.Initializable

Constructor Detail


public TLSSocketFactory()
Method Detail


public void configure(Configuration configuration)
               throws ConfigurationException
Configures the factory.

Specified by:
configure in interface Configurable
configure in class AbstractTLSSocketFactory
configuration - the Configuration
ConfigurationException - if an error occurs


protected void visitBuilder(SSLFactoryBuilder builder)
Description copied from class: AbstractTLSSocketFactory
The child factories have to use an instance of SSLFactoryBuilder to obtain their factories. So they are given an instance when it's ready. Another alternative was to have the SSLFactoryBuilder export buildContext method, but that would mean SSLContext which is deep in Sun guts will be aired in 3-4 classes instead of 1.

Specified by:
visitBuilder in class AbstractTLSSocketFactory


public Socket createSocket(InetAddress address,
                           int port)
                    throws IOException
Creates a socket connected to the specified remote address.

Specified by:
createSocket in interface SocketFactory
address - the remote address
port - the remote port
the socket
IOException - if an error occurs


public Socket createSocket(InetAddress address,
                           int port,
                           InetAddress localAddress,
                           int localPort)
                    throws IOException
Creates a socket and connected to the specified remote address originating from specified local address.

Specified by:
createSocket in interface SocketFactory
address - the remote address
port - the remote port
localAddress - the local address
localPort - the local port
the socket
IOException - if an error occurs

Copyright © Apache Software Foundation. All Rights Reserved.