Java Network Programming (3rd ed) [Electronic resources] - text version


Harold, Elliotte Rusty

11.5 Methods of the SSLServerSocket Class


Once you've successfully created and initialized an
SSLServerSocket, there are a lot of applications
you can write using nothing more than the methods inherited from
java.net.ServerSocket. However, there are times
when you need to adjust its behavior a little. Like
SSLSocket, SSLServerSocket
provides methods to choose cipher suites, manage sessions, and
establish whether clients are required to authenticate themselves.
Most of these methods are very similar to the methods of the same
name in SSLSocket. The difference is that they
work on the server side and set the defaults for sockets accepted by
an SSLServerSocket. In some cases, once an
SSLSocket has been accepted, you can still use the
methods of SSLSocket to configure that one socket
rather than all sockets accepted by this
SSLServerSocket.


11.5.1 Choosing the Cipher Suites


The SSLServerSocket class has the same three methods for
determining which cipher suites are supported and enabled as
SSLSocket does:

public abstract String[] getSupportedCipherSuites( )
public abstract String[] getEnabledCipherSuites( )
public abstract void setEnabledCipherSuites(String[] suites)

These methods use the same suite names as the similarly named methods
in SSLSocket. The difference is that these methods
apply to all sockets accepted by the
SSLServerSocket rather than to just one
SSLSocket. For example, this code fragment has the
effect of enabling anonymous, unauthenticated connections on the
SSLServerSocket server. It
relies on the names of these suites containing the string
"_anon_". This is true for
Sun's reference implementations, though
there's no guarantee that other implementers will
follow this convention:

// Collect every supported suite whose name marks it as anonymous
String[] supported = server.getSupportedCipherSuites( );
String[] anonCipherSuitesSupported = new String[supported.length];
int numAnonCipherSuitesSupported = 0;
for (int i = 0; i < supported.length; i++) {
  if (supported[i].indexOf("_anon_") > 0) {
    anonCipherSuitesSupported[numAnonCipherSuitesSupported++]
     = supported[i];
  }
}
// Append the anonymous suites to the suites that are already enabled
String[] oldEnabled = server.getEnabledCipherSuites( );
String[] newEnabled = new String[oldEnabled.length
 + numAnonCipherSuitesSupported];
System.arraycopy(oldEnabled, 0, newEnabled, 0, oldEnabled.length);
System.arraycopy(anonCipherSuitesSupported, 0, newEnabled,
 oldEnabled.length, numAnonCipherSuitesSupported);
// Applies to every socket this server socket accepts from now on
server.setEnabledCipherSuites(newEnabled);

This fragment retrieves the list of both supported and enabled cipher
suites using getSupportedCipherSuites( ) and
getEnabledCipherSuites( ). It looks at the name of
every supported suite to see whether it contains the substring
"_anon_". If the suite name does
contain this substring, the suite is added to a list of anonymous
cipher suites. Once the list of anonymous cipher suites is built,
it's combined in a new array with the previous list
of enabled cipher suites. The new array is then passed to
setEnabledCipherSuites( ) so that both the
previously enabled and the anonymous cipher suites can now be used.


11.5.2 Session Management


Both client and server must agree
to establish a session. The server side uses the
setEnableSessionCreation( ) method to specify
whether this will be allowed and the
getEnableSessionCreation() method to determine whether this is
currently allowed:

public abstract void setEnableSessionCreation(boolean allowSessions)
public abstract boolean getEnableSessionCreation( )

Session creation is enabled by default. If the server disallows
session creation, then a client that wants a session will still be
able to connect. It just won't get a session and
will have to handshake again for every socket. Similarly, if the
client refuses sessions but the server allows them,
they'll still be able to talk to each other but
without sessions.


11.5.3 Client Mode


The SSLServerSocket class has two methods for determining and
specifying whether client sockets are required to authenticate
themselves to the server. By passing true to the
setNeedClientAuth( ) method, you specify that only
connections in which the client is able to authenticate itself will
be accepted. By passing false, you specify that
authentication is not required of clients. The default is
false. If for some reason you need to know what
the current state of this property is, the
getNeedClientAuth() method will tell you:

public abstract void setNeedClientAuth(boolean flag)
public abstract boolean getNeedClientAuth( )

The setUseClientMode( ) method allows a program to
indicate that even though it has created an
SSLServerSocket, it is and should be treated as a
client in the communication with respect to authentication and other
negotiations. For example, in an FTP session, the client program
opens a server socket to receive data from the server, but that
doesn't make it less of a client. The
getUseClientMode( ) method returns
true if the SSLServerSocket is
in client mode, false otherwise:

public abstract void setUseClientMode(boolean flag)
public abstract boolean getUseClientMode( )
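
The following is an added example, not code from the book: the defensive counterpart to the fragment in 11.5.1, combined with the client-authentication setting from 11.5.3. It removes any anonymous suites from the server's enabled list, requires client authentication, and then checks that a socket returned by accept( ) inherits both defaults while a per-socket change leaves the server's own setting alone. The class and helper names are hypothetical, and it assumes the JDK's default JSSE provider and the same "_anon_" naming convention the text relies on.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

// Hypothetical class name; added example, not from the book.
public class HardenedServerDefaults {

    // Name-based test using the "_anon_" convention described in 11.5.1.
    static boolean isAnonymous(String suite) {
        return suite.contains("_anon_");
    }

    // Returns the given suites with every anonymous suite removed.
    static String[] withoutAnonymous(String[] enabled) {
        List<String> kept = new ArrayList<>();
        for (String suite : enabled) {
            if (!isAnonymous(suite)) kept.add(suite);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (SSLServerSocket server =
                 (SSLServerSocket) factory.createServerSocket(0, 1, loopback)) {
            // Server-side defaults for every socket accepted from here on.
            server.setEnabledCipherSuites(
                withoutAnonymous(server.getEnabledCipherSuites()));
            server.setNeedClientAuth(true);

            // The handshake is deferred until first I/O, so a plain TCP
            // connect is enough to get an accepted SSLSocket to inspect.
            try (Socket client = new Socket(loopback, server.getLocalPort());
                 SSLSocket accepted = (SSLSocket) server.accept()) {
                for (String suite : accepted.getEnabledCipherSuites()) {
                    if (isAnonymous(suite))
                        throw new IllegalStateException("anonymous suite enabled: " + suite);
                }
                System.out.println("accepted needClientAuth = " + accepted.getNeedClientAuth());
                accepted.setNeedClientAuth(false); // changes this one socket only
                System.out.println("server needClientAuth   = " + server.getNeedClientAuth());
            }
        }
    }
}
```

No keystore is needed to run it, because both sockets are closed before any handshake takes place.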

