11.5 Methods of the SSLServerSocket Class


11.5 Methods of the SSLServerSocket Class

Once you've successfully created and initialized an SSLServerSocket , there are a lot of applications you can write using nothing more than the methods inherited from java.net.ServerSocket . However, there are times when you need to adjust its behavior a little. Like SSLSocket , SSLServerSocket provides methods to choose cipher suites, manage sessions, and establish whether clients are required to authenticate themselves . Most of these methods are very similar to the methods of the same name in SSLSocket . The difference is that they work on the server side and set the defaults for sockets accepted by an SSLServerSocket . In some cases, once an SSLSocket has been accepted, you can still use the methods of SSLSocket to configure that one socket rather than all sockets accepted by this SSLServerSocket .

11.5.1 Choosing the Cipher Suites

The SSLServerSocket class has the same three methods for determining which cipher suites are supported and enabled as SSLSocket does:

 public abstract String[] getSupportedCipherSuites( ) public abstract String[] getEnabledCipherSuites( ) public abstract void     setEnabledCipherSuites(String[] suites) 

These methods use the same suite names as the similarly named methods in SSLSocket . The difference is that these methods apply to all sockets accepted by the SSLServerSocket rather than to just one SSLSocket . For example, this code fragment has the effect of enabling anonymous, unauthenticated connections on the SSLServerSocket server . It relies on the names of these suites containing the string "_anon_". This is true for Sun's reference implementations , though there's no guarantee that other implementers will follow this convention:

 String[] supported = server.getSupportedCipherSuites( ); String[] anonCipherSuitesSupported = new String[supported.length];       int numAnonCipherSuitesSupported = 0; for (int i = 0; i < supported.length; i++) {   if (supported[i].indexOf("_anon_") > 0) {     anonCipherSuitesSupported[numAnonCipherSuitesSupported++]       = supported[i];   } }          String[] oldEnabled = server.getEnabledCipherSuites( ); String[] newEnabled = new String[oldEnabled.length  + numAnonCipherSuitesSupported]; System.arraycopy(oldEnabled, 0, newEnabled, 0, oldEnabled.length); System.arraycopy(anonCipherSuitesSupported, 0, newEnabled,   oldEnabled.length, numAnonCipherSuitesSupported);        server.setEnabledCipherSuites(newEnabled); 

This fragment retrieves the list of both supported and enabled cipher suites using getSupportedCipherSuites( ) and getEnabledCipherSuites( ) . It looks at the name of every supported suite to see whether it contains the substring "_anon_". If the suite name does contain this substring, the suite is added to a list of anonymous cipher suites. Once the list of anonymous cipher suites is built, it's combined in a new array with the previous list of enabled cipher suites. The new array is then passed to setEnabledCipherSuites( ) so that both the previously enabled and the anonymous cipher suites can now be used.

11.5.2 Session Management

Both client and server must agree to establish a session. The server side uses the setEnableSessionCreation( ) method to specify whether this will be allowed and the getEnableSessionCreation() method to determine whether this is currently allowed:

 public abstract void setEnableSessionCreation(boolean allowSessions) public abstract boolean getEnableSessionCreation( ) 

Session creation is enabled by default. If the server disallows session creation, then a client that wants a session will still be able to connect. It just won't get a session and will have to handshake again for every socket. Similarly, if the client refuses sessions but the server allows them, they'll still be able to talk to each other but without sessions.

11.5.3 Client Mode

The SSLServerSocket class has two methods for determining and specifying whether client sockets are required to authenticate themselves to the server. By passing true to the setNeedClientAuth( ) method, you specify that only connections in which the client is able to authenticate itself will be accepted. By passing false , you specify that authentication is not required of clients. The default is false . If for some reason you need to know what the current state of this property is, the getNeedClientAuth() method will tell you:

 public abstract void setNeedClientAuth(boolean flag) public abstract boolean getNeedClientAuth( ) 

The setUseClientMode( ) method allows a program to indicate that even though it has created an SSLServerSocket , it is and should be treated as a client in the communication with respect to authentication and other negotiations. For example, in an FTP session, the client program opens a server socket to receive data from the server, but that doesn't make it less of a client. The getUseClientMode( ) method returns true if the SSLServerSocket is in client mode, false otherwise :

 public abstract void setUseClientMode(boolean flag) public abstract boolean getUseClientMode( ) 

Java Network Programming
Java Network Programming, Third Edition
ISBN: 0596007213
EAN: 2147483647
Year: 2003
Pages: 164

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net