Field Detail

• EXCLUDE_PROTOCOLS

  public static final List<String> EXCLUDE_PROTOCOLS

  Unmodifiable. Public for RouterConsoleRunner.

  Since:

  0.9.16

• INCLUDE_PROTOCOLS

  public static final List<String> INCLUDE_PROTOCOLS

  Java 7 does not enable 1.1 or 1.2 by default on the client side. Java 8 does enable 1.1 and 1.2 by default on the client side. ref: http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html Unmodifiable. Public for RouterConsoleRunner.

  Since:

  0.9.16

• EXCLUDE_CIPHERS

  public static final List<String> EXCLUDE_CIPHERS

  We exclude everything that Java 8 disables by default, plus some others. ref: http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html Unmodifiable. Public for RouterConsoleRunner.

  Since:

  0.9.16

• INCLUDE_CIPHERS

  public static final List<String> INCLUDE_CIPHERS

  Nothing for now. There's nothing disabled by default we would want to enable. Unmodifiable. Public for RouterConsoleRunner.

  Since:

  0.9.16

Constructor Detail

• I2PSSLSocketFactory

  public I2PSSLSocketFactory​(I2PAppContext context,
                             boolean loadSystemCerts,
                             String relativeCertPath)
                      throws GeneralSecurityException

  Parameters:

  relativeCertPath - e.g. "certificates/i2cp"

  Throws:

  GeneralSecurityException

  Since:

  0.9.9 was static

Method Detail

• createSocket

  public Socket createSocket​(String host,
                             int port)
                      throws IOException

  Returns a socket to the host. A host argument that's an IP address (instead of a host name) is not recommended, as this will probably fail SSL certificate validation. Hostname validation is skipped for localhost addresses, but you still must trust the certificate.

  Throws:

  IOException

• createSocket

  public Socket createSocket​(InetAddress host,
                             int port)
                      throws IOException

  Returns a socket to the host. An InetAddress argument created with an IP address (instead of a host name) is not recommended, as this will perform a reverse DNS lookup to get the host name for certificate validation, which will probably then fail. Hostname validation is skipped for localhost addresses, but you still must trust the certificate.

  Throws:

  IOException

  Since:

  0.9.9

• verifyHostname

  public static void verifyHostname​(I2PAppContext ctx,
                                    SSLSocket socket,
                                    String host)
                             throws SSLException

  Validate the hostname ref: https://developer.android.com/training/articles/security-ssl.html ref: http://op-co.de/blog/posts/java_sslsocket_mitm/ ref: http://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/

  Throws:

  SSLException - on hostname verification failure

  Since:

  0.9.20

• setProtocolsAndCiphers

  public static void setProtocolsAndCiphers​(SSLSocket socket)

  Select protocols and cipher suites to be used based on configured inclusion and exclusion lists as well as enabled and supported protocols and cipher suites. Adapted from Jetty SslContextFactory.java

  Since:

  0.9.16

• setProtocolsAndCiphers

  public static void setProtocolsAndCiphers​(SSLServerSocket socket)

  Select protocols and cipher suites to be used based on configured inclusion and exclusion lists as well as enabled and supported protocols and cipher suites. Adapted from Jetty SslContextFactory.java

  Since:

  0.9.16