com.sun.portal.rproxy.https.HttpsClient
HttpsClient | final public class HttpsClient extends HttpClient | This class provides HTTPS client URL support, building on the standard
"sun.net.www" HTTP protocol handler. HTTPS is the same protocol as HTTP, but
differs in the transport layer which it uses:
- There's a Secure Sockets Layer between TCP and the HTTP
protocol code.
- It uses a different default TCP port.
- It doesn't use application level proxies, which can see and manipulate
HTTP user level data, compromising privacy. It uses low level tunneling
instead, which hides HTTP protocol and data from all third parties. (Traffic
analysis is still possible).
- It does basic server authentication, to protect against "URL spoofing"
attacks. This involves deciding whether the X.509 certificate chain
identifying the server is trusted, and verifying that the name of the server
is found in the certificate. (The application may enable an anonymous SSL
cipher suite, and such checks are not done for anonymous ciphers.)
- It exposes key SSL session attributes, specifically the cipher suite in
use and the server's X509 certificates, to application software which knows
about this protocol handler.
System properties used include:
- https.proxyHost ... the host supporting SSL tunneling using
the conventional CONNECT syntax
- https.proxyPort ... port to use on proxyHost
- https.cipherSuites ... comma separated list of SSL cipher
suite names to enable.
- http.nonProxyHosts ...
version: 1.24 author: David Brownell author: Bill Foote |
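Added example (not part of the original Javadoc or of the portal code base): a check that strips anonymous suites from an https.cipherSuites value before the handler uses it, plus a post-connect test on the values getCipherSuite() and getServerCertificateChain() return. The class name, method names and sample suite list are hypothetical; the chain is typed as Object[] because the page does not say which X509Certificate class is used.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added example; class and method names are hypothetical, not part of the portal code.
public class CipherSuitePropertyAudit {
    // JSSE standard names mark unauthenticated key exchange with "_anon_",
    // e.g. TLS_DH_anon_WITH_AES_128_CBC_SHA.
    static boolean isAnonymous(String suite) {
        return suite.toLowerCase(Locale.ROOT).contains("_anon_");
    }

    // Returns the comma separated value with anonymous suites removed.
    // Fails closed when nothing is left, because how the handler treats an
    // empty https.cipherSuites value is not stated on this page.
    static String withoutAnonymous(String propertyValue) {
        List<String> kept = new ArrayList<>();
        for (String entry : propertyValue.split(",")) {
            String suite = entry.trim();
            if (suite.isEmpty()) continue;
            if (isAnonymous(suite)) {
                System.err.println("dropping unauthenticated suite: " + suite);
            } else {
                kept.add(suite);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no authenticated cipher suite configured");
        }
        return String.join(",", kept);
    }

    // Post-connect check for the values getCipherSuite() and
    // getServerCertificateChain() return; a null chain means no server authentication.
    static boolean serverWasAuthenticated(String cipherSuite, Object[] chain) {
        return chain != null && chain.length > 0 && !isAnonymous(cipherSuite);
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for System.getProperty("https.cipherSuites").
        String configured = "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5,"
                + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
        String safe = withoutAnonymous(configured);
        System.setProperty("https.cipherSuites", safe);
        System.out.println("https.cipherSuites=" + safe);
        // An anonymous suite with no chain must be treated as unauthenticated.
        System.out.println(serverWasAuthenticated("SSL_DH_anon_WITH_RC4_128_MD5", null));
    }
}
```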
Constructor Summary
public | HttpsClient(URL url) | Create an HTTPS client URL.
Method Summary
public static HttpClient | New(URL url) | See HttpClient for the model for this method.
protected Socket | doConnect(String host, int port) | Overrides HTTP protocol handler method so that we return an SSL socket, not a TCP socket.
public String | getCipherSuite() | Returns the cipher suite in use on this connection.
protected int | getDefaultPort() |
public X509Certificate[] | getServerCertificateChain() | Returns the X.509 certificate chain with which the server authenticated itself, or null if the server did not authenticate.
protected boolean | isNonProxyHost() | Returns true if host is on the "don't proxy" list.
public static synchronized void | resetSecureProperties() | Re-initialize the dontProxy list, and other properties we depend on.
jssProxyPort | public static int jssProxyPort
HttpsClient | public HttpsClient(URL url) throws IOException | Create an HTTPS client URL. Traffic will be tunneled through any
intermediate nodes rather than proxied, so that confidentiality of data
exchanged can be preserved. However, note that all the anonymous SSL
flavors are subject to "person-in-the-middle" attacks against
confidentiality. If you enable use of those flavors, you may be giving up
the protection you get through SSL tunneling.
Parameters: URL - https URL with which a connection must be established
New | public static HttpClient New(URL url) throws IOException | See HttpClient for the model for this method.
doConnect | protected Socket doConnect(String host, int port) throws IOException, UnknownHostException | Overrides HTTP protocol handler method so that we return an SSL socket,
not a TCP socket. This establishes a secure tunnel if appropriate.
Parameters: host - the host to connect to
Parameters: port - the port on that host.
exception: IOException - on errors, including a host that doesn't authenticate correctly.
exception: UnknownHostException - if "host" is unknown
getCipherSuite | public String getCipherSuite() | Returns the cipher suite in use on this connection.
getDefaultPort | protected int getDefaultPort() | Returns the default HTTPS port (443).
getServerCertificateChain | public X509Certificate[] getServerCertificateChain() | Returns the X.509 certificate chain with which the server authenticated
itself, or null if the server did not authenticate.
isNonProxyHost | protected boolean isNonProxyHost() | Returns true if host is on the "don't proxy" list.
resetSecureProperties | public static synchronized void resetSecureProperties() | Re-initialize the dontProxy list, and other properties we depend on.