Getting the Secure Socket Factory
The SSLServerSocketFactory class in the javax.net.ssl package acts as the factory that creates secure server sockets. This is an abstract class that extends the ServerSocketFactory class.
public abstract class SSLServerSocketFactory extends ServerSocketFactory
The fact that the SSLServerSocketFactory class extends the ServerSocketFatory class should come as no surprise. The basic purpose and working of a secure socket remain the same as for an ordinary socket, except that secure content can be transmitted through it. The secure server factory encompasses the details of creating and configuring secure sockets. These details, in turn, include information on authentication keys, cipher suites, certificate validation etc. The secure server socket factory can be obtained as follows:
■ By calling the getDefault() method, which returns the default implementation of the SSLServerSocketFactory.
SSLServerSocketFactory.getDefault();
The value of the SSL.ServerSocketFactory.provider security property in the Java security properties file determines the default factory implementation; this property can be set to a desired class. Finally, an instantiation exception is thrown if SSL has not been properly configured for a virtual machine.
■ By using an instance of the SSLContext class.The SSLContext class encapsulates state information (session state information, for example) that is shared by all sockets created under that context.The SSLContext can be instantiated as follows:
SSLContext SSLContextlnstance = SSLContext.getInstance("SSL");
Information on configuring the context instance and associated methods shall be discussed later with reference to Figure 10.8. For the time being, we use this context instance to obtain a factory instance using the following code.
SSLServerSocketFactory factorylnstance = SSLContextlnstance. getServerSocketFactory();
We will now use this factory instance to create a secure server socket.
Post a comment