javax.net.ssl: abstract public class: HttpsURLConnection

javax.net.ssl
abstract public class: HttpsURLConnection [javadoc | source]

java.lang.Object
   java.net.URLConnection
      java.net.HttpURLConnection
         javax.net.ssl.HttpsURLConnection

HttpsURLConnection extends HttpURLConnection with support for https-specific features.

See http://www.w3.org/pub/WWW/Protocols/ and RFC 2818 for more details on the https specification.

This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. However, the implementations can be replaced on a per-class (static) or per-instance basis. All new HttpsURLConnections instances will be assigned the "default" static values at instance creation, but they can be overriden by calling the appropriate per-instance set method(s) before connecting.

since: 1.4 -

Field Summary
protected HostnameVerifier	hostnameVerifier	The `hostnameVerifier` for this object.

Fields inherited from java.net.HttpURLConnection:
method, chunkLength, fixedContentLength, fixedContentLengthLong, responseCode, responseMessage, instanceFollowRedirects, HTTP_OK, HTTP_CREATED, HTTP_ACCEPTED, HTTP_NOT_AUTHORITATIVE, HTTP_NO_CONTENT, HTTP_RESET, HTTP_PARTIAL, HTTP_MULT_CHOICE, HTTP_MOVED_PERM, HTTP_MOVED_TEMP, HTTP_SEE_OTHER, HTTP_NOT_MODIFIED, HTTP_USE_PROXY, HTTP_BAD_REQUEST, HTTP_UNAUTHORIZED, HTTP_PAYMENT_REQUIRED, HTTP_FORBIDDEN, HTTP_NOT_FOUND, HTTP_BAD_METHOD, HTTP_NOT_ACCEPTABLE, HTTP_PROXY_AUTH, HTTP_CLIENT_TIMEOUT, HTTP_CONFLICT, HTTP_GONE, HTTP_LENGTH_REQUIRED, HTTP_PRECON_FAILED, HTTP_ENTITY_TOO_LARGE, HTTP_REQ_TOO_LONG, HTTP_UNSUPPORTED_TYPE, HTTP_SERVER_ERROR, HTTP_INTERNAL_ERROR, HTTP_NOT_IMPLEMENTED, HTTP_BAD_GATEWAY, HTTP_UNAVAILABLE, HTTP_GATEWAY_TIMEOUT, HTTP_VERSION

Fields inherited from java.net.HttpURLConnection:

method, chunkLength, fixedContentLength, fixedContentLengthLong, responseCode, responseMessage, instanceFollowRedirects, HTTP_OK, HTTP_CREATED, HTTP_ACCEPTED, HTTP_NOT_AUTHORITATIVE, HTTP_NO_CONTENT, HTTP_RESET, HTTP_PARTIAL, HTTP_MULT_CHOICE, HTTP_MOVED_PERM, HTTP_MOVED_TEMP, HTTP_SEE_OTHER, HTTP_NOT_MODIFIED, HTTP_USE_PROXY, HTTP_BAD_REQUEST, HTTP_UNAUTHORIZED, HTTP_PAYMENT_REQUIRED, HTTP_FORBIDDEN, HTTP_NOT_FOUND, HTTP_BAD_METHOD, HTTP_NOT_ACCEPTABLE, HTTP_PROXY_AUTH, HTTP_CLIENT_TIMEOUT, HTTP_CONFLICT, HTTP_GONE, HTTP_LENGTH_REQUIRED, HTTP_PRECON_FAILED, HTTP_ENTITY_TOO_LARGE, HTTP_REQ_TOO_LONG, HTTP_UNSUPPORTED_TYPE, HTTP_SERVER_ERROR, HTTP_INTERNAL_ERROR, HTTP_NOT_IMPLEMENTED, HTTP_BAD_GATEWAY, HTTP_UNAVAILABLE, HTTP_GATEWAY_TIMEOUT, HTTP_VERSION

Fields inherited from java.net.URLConnection:
url, doInput, doOutput, allowUserInteraction, useCaches, ifModifiedSince, connected, factory

Constructor:

Constructor:
protected HttpsURLConnection(URL url) { super(url); } Creates an `HttpsURLConnection` using the URL specified. Parameters: `url` - the URL

 protected HttpsURLConnection(URL url) {
        super(url);
}

HttpsURLConnection

Parameters:

url - the URL

Method from javax.net.ssl.HttpsURLConnection Summary:
getCipherSuite, getDefaultHostnameVerifier, getDefaultSSLSocketFactory, getHostnameVerifier, getLocalCertificates, getLocalPrincipal, getPeerPrincipal, getSSLSocketFactory, getServerCertificates, setDefaultHostnameVerifier, setDefaultSSLSocketFactory, setHostnameVerifier, setSSLSocketFactory

Methods from java.net.HttpURLConnection:
disconnect, getErrorStream, getFollowRedirects, getHeaderField, getHeaderFieldDate, getHeaderFieldKey, getInstanceFollowRedirects, getPermission, getRequestMethod, getResponseCode, getResponseMessage, setChunkedStreamingMode, setFixedLengthStreamingMode, setFixedLengthStreamingMode, setFollowRedirects, setInstanceFollowRedirects, setRequestMethod, usingProxy

Methods from java.net.URLConnection:
addRequestProperty, connect, getAllowUserInteraction, getConnectTimeout, getContent, getContent, getContentEncoding, getContentHandler, getContentLength, getContentLengthLong, getContentType, getDate, getDefaultAllowUserInteraction, getDefaultRequestProperty, getDefaultUseCaches, getDoInput, getDoOutput, getExpiration, getFileNameMap, getHeaderField, getHeaderField, getHeaderFieldDate, getHeaderFieldInt, getHeaderFieldKey, getHeaderFieldLong, getHeaderFields, getIfModifiedSince, getInputStream, getLastModified, getOutputStream, getPermission, getReadTimeout, getRequestProperties, getRequestProperty, getURL, getUseCaches, guessContentTypeFromName, guessContentTypeFromStream, setAllowUserInteraction, setConnectTimeout, setContentHandlerFactory, setDefaultAllowUserInteraction, setDefaultRequestProperty, setDefaultUseCaches, setDoInput, setDoOutput, setFileNameMap, setIfModifiedSince, setReadTimeout, setRequestProperty, setUseCaches, toString

Methods from java.net.URLConnection:

addRequestProperty, connect, getAllowUserInteraction, getConnectTimeout, getContent, getContent, getContentEncoding, getContentHandler, getContentLength, getContentLengthLong, getContentType, getDate, getDefaultAllowUserInteraction, getDefaultRequestProperty, getDefaultUseCaches, getDoInput, getDoOutput, getExpiration, getFileNameMap, getHeaderField, getHeaderField, getHeaderFieldDate, getHeaderFieldInt, getHeaderFieldKey, getHeaderFieldLong, getHeaderFields, getIfModifiedSince, getInputStream, getLastModified, getOutputStream, getPermission, getReadTimeout, getRequestProperties, getRequestProperty, getURL, getUseCaches, guessContentTypeFromName, guessContentTypeFromStream, setAllowUserInteraction, setConnectTimeout, setContentHandlerFactory, setDefaultAllowUserInteraction, setDefaultRequestProperty, setDefaultUseCaches, setDoInput, setDoOutput, setFileNameMap, setIfModifiedSince, setReadTimeout, setRequestProperty, setUseCaches, toString

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.net.ssl.HttpsURLConnection Detail:
abstract public String getCipherSuite() Returns the cipher suite in use on this connection.
public static HostnameVerifier getDefaultHostnameVerifier() { return defaultHostnameVerifier; } Gets the default `HostnameVerifier` that is inherited by new instances of this class.
public static SSLSocketFactory getDefaultSSLSocketFactory() { if (defaultSSLSocketFactory == null) { defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault(); } return defaultSSLSocketFactory; } Gets the default static `SSLSocketFactory` that is inherited by new instances of this class. The socket factories are used when creating sockets for secure https URL connections.
public HostnameVerifier getHostnameVerifier() { return hostnameVerifier; } Gets the `HostnameVerifier` in place on this instance.
abstract public Certificate[] getLocalCertificates() Returns the certificate(s) that were sent to the server during handshaking. Note: This method is useful only when using certificate-based cipher suites. When multiple certificates are available for use in a handshake, the implementation chooses what it considers the "best" certificate chain available, and transmits that to the other side. This method allows the caller to know which certificate chain was actually sent.
public Principal getLocalPrincipal() { java.security.cert.Certificate[] certs = getLocalCertificates(); if (certs != null) { return ((X500Principal) ((X509Certificate)certs[0]).getSubjectX500Principal()); } else { return null; } } Returns the principal that was sent to the server during handshaking. Note: Subclasses should override this method. If not overridden, it will default to returning the X500Principal of the end-entity certificate that was sent to the server for certificate-based ciphersuites or, return null for non-certificate based ciphersuites, such as Kerberos.
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { java.security.cert.Certificate[] certs = getServerCertificates(); return ((X500Principal) ((X509Certificate)certs[0]).getSubjectX500Principal()); } Returns the server's principal which was established as part of defining the session. Note: Subclasses should override this method. If not overridden, it will default to returning the X500Principal of the server's end-entity certificate for certificate-based ciphersuites, or throw an SSLPeerUnverifiedException for non-certificate based ciphersuites, such as Kerberos.
public SSLSocketFactory getSSLSocketFactory() { return sslSocketFactory; } Gets the SSL socket factory to be used when creating sockets for secure https URL connections.
abstract public Certificate[] getServerCertificates() throws SSLPeerUnverifiedException Returns the server's certificate chain which was established as part of defining the session. Note: This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.
public static void setDefaultHostnameVerifier(HostnameVerifier v) { if (v == null) { throw new IllegalArgumentException( "no default HostnameVerifier specified"); } SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new SSLPermission("setHostnameVerifier")); } defaultHostnameVerifier = v; } Sets the default `HostnameVerifier` inherited by a new instance of this class. If this method is not called, the default `HostnameVerifier` assumes the connection should not be permitted.
public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) { if (sf == null) { throw new IllegalArgumentException( "no default SSLSocketFactory specified"); } SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkSetFactory(); } defaultSSLSocketFactory = sf; } Sets the default `SSLSocketFactory` inherited by new instances of this class. The socket factories are used when creating sockets for secure https URL connections.
public void setHostnameVerifier(HostnameVerifier v) { if (v == null) { throw new IllegalArgumentException( "no HostnameVerifier specified"); } hostnameVerifier = v; } Sets the `HostnameVerifier` for this instance. New instances of this class inherit the default static hostname verifier set by setDefaultHostnameVerifier . Calls to this method replace this object's `HostnameVerifier`.
public void setSSLSocketFactory(SSLSocketFactory sf) { if (sf == null) { throw new IllegalArgumentException( "no SSLSocketFactory specified"); } sslSocketFactory = sf; } Sets the `SSLSocketFactory` to be used when this instance creates sockets for secure https URL connections. New instances of this class inherit the default static `SSLSocketFactory` set by setDefaultSSLSocketFactory . Calls to this method replace this object's `SSLSocketFactory`.

Method from javax.net.ssl.HttpsURLConnection Detail:

 abstract public String getCipherSuite()Returns the cipher suite in use on this connection.

 public static HostnameVerifier getDefaultHostnameVerifier() {
        return defaultHostnameVerifier;
}

HostnameVerifier

 public static SSLSocketFactory getDefaultSSLSocketFactory() {
        if (defaultSSLSocketFactory == null) {
            defaultSSLSocketFactory =
                (SSLSocketFactory)SSLSocketFactory.getDefault();
        }
        return defaultSSLSocketFactory;
}

SSLSocketFactory

The socket factories are used when creating sockets for secure https URL connections.

 public HostnameVerifier getHostnameVerifier() {
        return hostnameVerifier;
}

HostnameVerifier

 abstract public Certificate[] getLocalCertificates()Returns the certificate(s) that were sent to the server during
handshaking.

Note: This method is useful only when using certificate-based
cipher suites.

When multiple certificates are available for use in a
handshake, the implementation chooses what it considers the
"best" certificate chain available, and transmits that to
the other side.  This method allows the caller to know
which certificate chain was actually sent.

 public Principal getLocalPrincipal() {
        java.security.cert.Certificate[] certs = getLocalCertificates();
        if (certs != null) {
            return ((X500Principal)
                ((X509Certificate)certs[0]).getSubjectX500Principal());
        } else {
            return null;
        }
}

Note: Subclasses should override this method. If not overridden, it will default to returning the X500Principal of the end-entity certificate that was sent to the server for certificate-based ciphersuites or, return null for non-certificate based ciphersuites, such as Kerberos.

 public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
        java.security.cert.Certificate[] certs = getServerCertificates();
        return ((X500Principal)
                ((X509Certificate)certs[0]).getSubjectX500Principal());
}

Note: Subclasses should override this method. If not overridden, it will default to returning the X500Principal of the server's end-entity certificate for certificate-based ciphersuites, or throw an SSLPeerUnverifiedException for non-certificate based ciphersuites, such as Kerberos.

 public SSLSocketFactory getSSLSocketFactory() {
        return sslSocketFactory;
}

Gets the SSL socket factory to be used when creating sockets for secure https URL connections.

 abstract public Certificate[] getServerCertificates() throws SSLPeerUnverifiedExceptionReturns the server's certificate chain which was established
as part of defining the session.

Note: This method can be used only when using certificate-based
cipher suites; using it with non-certificate-based cipher suites,
such as Kerberos, will throw an SSLPeerUnverifiedException.

 public static  void setDefaultHostnameVerifier(HostnameVerifier v) {
        if (v == null) {
            throw new IllegalArgumentException(
                "no default HostnameVerifier specified");
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new SSLPermission("setHostnameVerifier"));
        }
        defaultHostnameVerifier = v;
}

HostnameVerifier

If this method is not called, the default HostnameVerifier assumes the connection should not be permitted.

 public static  void setDefaultSSLSocketFactory(SSLSocketFactory sf) {
        if (sf == null) {
            throw new IllegalArgumentException(
                "no default SSLSocketFactory specified");
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkSetFactory();
        }
        defaultSSLSocketFactory = sf;
}

SSLSocketFactory

The socket factories are used when creating sockets for secure https URL connections.

 public  void setHostnameVerifier(HostnameVerifier v) {
        if (v == null) {
            throw new IllegalArgumentException(
                "no HostnameVerifier specified");
        }
        hostnameVerifier = v;
}

HostnameVerifier

New instances of this class inherit the default static hostname verifier set by setDefaultHostnameVerifier . Calls to this method replace this object's HostnameVerifier.

 public  void setSSLSocketFactory(SSLSocketFactory sf) {
        if (sf == null) {
            throw new IllegalArgumentException(
                "no SSLSocketFactory specified");
        }
        sslSocketFactory = sf;
}

SSLSocketFactory

New instances of this class inherit the default static SSLSocketFactory set by setDefaultSSLSocketFactory . Calls to this method replace this object's SSLSocketFactory.