com.dkfqs.tools.crypto

Class EncryptedSocket

java.lang.Object

com.dkfqs.tools.crypto.EncryptedSocket

public class EncryptedSocket
extends java.lang.Object

Open a SSL/TLS socket to a server.

Features:

• Measure the SSL prepare time (performance data)
• Measure the TCP/IP connect time (performance data)
• Support of TCP/IP connect timeout
• Measure the SSL handshake time (performance data)
• Support of SSL handshake timeout
• Support of SSL client authentication, for example extracted from a PKCS#12 client certificate
• Support to set an outbound IP address

Note: The verification of the SSL server certificate is disabled by default. To override this behavior, you can set an own trust managers by using the method setTrustManager(TrustManager[]).

See Also:

TCPSocket

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_HANDSHAKE_TIMEOUT_MILLIS The default SSL/TLS handshake timeout in milliseconds = 8000.
static int	DEFAULT_TCP_CONNECT_TIMEOUT_MILLIS The default TCP connect timeout in milliseconds = 10000.

Constructor Summary

Constructors

Constructor and Description
EncryptedSocket(java.lang.String serverHost, int serverPort) Create a new instance with an unconnected socket.
EncryptedSocket(java.lang.String severIpAddress, java.lang.String serverHost, int serverPort) Create a new instance with an unconnected socket.

Method Summary

Modifier and Type	Method and Description
javax.net.ssl.SSLSocket	connect() Connect the socket to the server and perform the SSL/TLS handshake.
long	getSSLHandshakeTime() Get the time elapsed to perform the SSL/TLS handshake with the server (after the TCP/IP connection was established).
long	getSSLPrepareTime() Get the time elapsed to prepare (initialize) the SSL/TLS protocol at client side, before the TCP/IP connection is opened to the server.
long	getTCPConnectTime() Get the TCP/IP connect time for opening the network connection to the server.
void	setClientAuthKeyManagers(javax.net.ssl.KeyManager[] clientAuthKeyManagers) Set key managers for client authentication, for example extracted from a X509 client certificate.
void	setHandshakeCompletedListener(javax.net.ssl.HandshakeCompletedListener handshakeCompletedListener) Register an event listener to receive notifications that an SSL handshake has completed on this connection.
void	setLimitSSLVersion(java.lang.String limitSSLVersion) Set/limit the maximal used SSL version.
void	setLocalOutboundAddress(java.net.InetAddress localOutboundAddress) Set a specific outbound IP address.
void	setSSLHandshakeTimeoutMillis(int sslHandshakeTimeoutMillis) Set the SSL handshake timeout.
void	setTCPConnectTimeoutMillis(int tcpConnectTimeoutMillis) Set the TCP connect timeout.
void	setTrustManager(javax.net.ssl.TrustManager[] trustManagers) Set a specific X509 trust manager to validate certificate chains received from the server during the SSL handshake.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_TCP_CONNECT_TIMEOUT_MILLIS

public static final int DEFAULT_TCP_CONNECT_TIMEOUT_MILLIS

The default TCP connect timeout in milliseconds = 10000.

See Also:

Constant Field Values

DEFAULT_HANDSHAKE_TIMEOUT_MILLIS

public static final int DEFAULT_HANDSHAKE_TIMEOUT_MILLIS

The default SSL/TLS handshake timeout in milliseconds = 8000.

See Also:

Constant Field Values

Constructor Detail

EncryptedSocket

public EncryptedSocket(java.lang.String serverHost,
                       int serverPort)

Create a new instance with an unconnected socket.

Parameters:

serverHost - the hostname or IP address of the server. SNI is supported if you pass a hostname

serverPort - the TPC/IP port of the server

See Also:

connect()

EncryptedSocket

public EncryptedSocket(java.lang.String severIpAddress,
                       java.lang.String serverHost,
                       int serverPort)

Create a new instance with an unconnected socket.

Parameters:

severIpAddress - the server IP address

serverHost - the sever hostname (used for SNI)

serverPort - the TPC/IP port of the server

See Also:

connect()

Method Detail

setLimitSSLVersion

public void setLimitSSLVersion(java.lang.String limitSSLVersion)

Set/limit the maximal used SSL version. Possible values are:

• SSLv2Hello
• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2
• TLSv1.3 (not supported for Java 8 JVM, requires to run on Java 9 JVM or newer)

Parameters:

limitSSLVersion - the maximal used SSL version

setTrustManager

public void setTrustManager(javax.net.ssl.TrustManager[] trustManagers)

Set a specific X509 trust manager to validate certificate chains received from the server during the SSL handshake.

Parameters:

trustManagers - the X509 trust manager to validate certificate chains

setClientAuthKeyManagers

public void setClientAuthKeyManagers(javax.net.ssl.KeyManager[] clientAuthKeyManagers)

Set key managers for client authentication, for example extracted from a X509 client certificate.

Parameters:

clientAuthKeyManagers - the key managers for client authentication

See Also:

LoadPKCS12Certificate, LoadPKCS12Certificate.getKeyManagers()

setLocalOutboundAddress

public void setLocalOutboundAddress(java.net.InetAddress localOutboundAddress)

Set a specific outbound IP address.
Example: tcpSocket.setLocalOutboundAddress(InetAddress.getByName("192.168.0.100"));

Parameters:

localOutboundAddress - the specific outbound IP address

setHandshakeCompletedListener

public void setHandshakeCompletedListener(javax.net.ssl.HandshakeCompletedListener handshakeCompletedListener)

Register an event listener to receive notifications that an SSL handshake has completed on this connection.

Parameters:

handshakeCompletedListener - the HandShake Completed event listener

setTCPConnectTimeoutMillis

public void setTCPConnectTimeoutMillis(int tcpConnectTimeoutMillis)

Set the TCP connect timeout.

Parameters:

tcpConnectTimeoutMillis - the TCP connect timeout in milliseconds

See Also:

DEFAULT_TCP_CONNECT_TIMEOUT_MILLIS

setSSLHandshakeTimeoutMillis

public void setSSLHandshakeTimeoutMillis(int sslHandshakeTimeoutMillis)

Set the SSL handshake timeout.

Parameters:

sslHandshakeTimeoutMillis - the SSL handshake timeout in milliseconds

See Also:

DEFAULT_HANDSHAKE_TIMEOUT_MILLIS

connect

public javax.net.ssl.SSLSocket connect()
                                throws java.security.NoSuchAlgorithmException,
                                       java.security.KeyManagementException,
                                       EncryptedSocketHandshakeTimeoutException,
                                       java.io.IOException

Connect the socket to the server and perform the SSL/TLS handshake.

Returns:

the connected SSLSocket

Throws:

java.security.NoSuchAlgorithmException - if the SSL protocol version is not supported by the JVM

java.security.KeyManagementException - if the sources of authentication keys are invalid

EncryptedSocketHandshakeTimeoutException - if the timout for performing a SSL/TLS handshake has exceeded

java.io.IOException - if an IO exception occurred

getSSLPrepareTime

public long getSSLPrepareTime()

Get the time elapsed to prepare (initialize) the SSL/TLS protocol at client side, before the TCP/IP connection is opened to the server.

Returns:

the time elapsed to prepare (initialize) the SSL/TLS protocol at client side in milliseconds, or -1 if no such data is available

getTCPConnectTime

public long getTCPConnectTime()

Get the TCP/IP connect time for opening the network connection to the server.

Returns:

the TCP/IP connect time for opening the network connection to the server in milliseconds, or -1 if no such data is available

getSSLHandshakeTime

public long getSSLHandshakeTime()

Get the time elapsed to perform the SSL/TLS handshake with the server (after the TCP/IP connection was established).

Returns:

the time elapsed to perform the SSL/TLS handshake with the server in milliseconds, or -1 if no such data is available