/**@class android.net.SSLCertificateSocketFactory @extends javax.net.ssl.SSLSocketFactory SSLSocketFactory implementation with several extra features: <ul> <li>Timeout specification for SSL handshake operations <li>Hostname verification in most cases (see WARNINGs below) <li>Optional SSL session caching with {@link android.net.SSLSessionCache} <li>Optionally bypass all SSL certificate checks </ul> The handshake timeout does not apply to actual TCP socket connection. If you want a connection timeout as well, use {@link #createSocket}() and {@link Socket#connect(SocketAddress, int)}, after which you must verify the identity of the server you are connected to. <p class="caution"><b>Most {@link SSLSocketFactory} implementations do not verify the server's identity, allowing man-in-the-middle attacks.</b> This implementation does check the server's certificate hostname, but only for createSocket variants that specify a hostname. When using methods that use {@link InetAddress} or which return an unconnected socket, you MUST verify the server's identity yourself to ensure a secure connection.</p> <p>One way to verify the server's identity is to use {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a {@link HostnameVerifier} to verify the certificate hostname. <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all SSL certificate and hostname checks for testing purposes. This setting requires root access. */ var SSLCertificateSocketFactory = { /**Returns a new socket factory instance with an optional handshake timeout. @param {Number} handshakeTimeoutMillis to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. @return {Object {javax.net.SocketFactory}} a new SSLSocketFactory with the specified parameters */ getDefault : function( ) {}, /**Returns a new socket factory instance with an optional handshake timeout and SSL session cache. @param {Number} handshakeTimeoutMillis to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. @param {Object {SSLSessionCache}} cache The {@link SSLSessionCache} to use, or null for no cache. @return {Object {javax.net.ssl.SSLSocketFactory}} a new SSLSocketFactory with the specified parameters */ getDefault : function( ) {}, /**Returns a new instance of a socket factory with all SSL security checks disabled, using an optional handshake timeout and SSL session cache. <p class="caution"><b>Warning:</b> Sockets created using this factory are vulnerable to man-in-the-middle attacks!</p> @param {Number} handshakeTimeoutMillis to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. @param {Object {SSLSessionCache}} cache The {@link SSLSessionCache} to use, or null for no cache. @return {Object {javax.net.ssl.SSLSocketFactory}} an insecure SSLSocketFactory with the specified parameters */ getInsecure : function( ) {}, /**Returns a socket factory (also named SSLSocketFactory, but in a different namespace) for use with the Apache HTTP stack. @param {Number} handshakeTimeoutMillis to use for SSL connection handshake, or 0 for none. The socket timeout is reset to 0 after the handshake. @param {Object {SSLSessionCache}} cache The {@link SSLSessionCache} to use, or null for no cache. @return {Object {org.apache.http.conn.ssl.SSLSocketFactory}} a new SocketFactory with the specified parameters @deprecated Use {@link #getDefault()} along with a {@link javax.net.ssl.HttpsURLConnection} instead. The Apache HTTP client is no longer maintained and may be removed in a future release. Please visit <a href="http://android-developers.blogspot.com/2011/09/androids-http-clients.html">this webpage</a> for further details. @removed */ getHttpSocketFactory : function( ) {}, /**Verify the hostname of the certificate used by the other end of a connected socket. You MUST call this if you did not supply a hostname to {@link #createSocket}(). It is harmless to call this method redundantly if the hostname has already been verified. <p>Wildcard certificates are allowed to verify any matching hostname, so "foo.bar.example.com" is verified if the peer has a certificate for "*.example.com". @param {Object {Socket}} socket An SSL socket which has been connected to a server @param {String} hostname The expected hostname of the remote server @throws IOException if something goes wrong handshaking with the server @throws SSLPeerUnverifiedException if the server cannot prove its identity @hide */ verifyHostname : function( ) {}, /**Sets the {@link TrustManager}s to be used for connections made by this factory. */ setTrustManagers : function( ) {}, /**Sets the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next Protocol Negotiation (NPN)</a> protocols that this peer is interested in. <p>For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support NPN. <p>For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant. @param {Object {byte[][]}} npnProtocols a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256. */ setNpnProtocols : function( ) {}, /**Sets the <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01"> Application Layer Protocol Negotiation (ALPN)</a> protocols that this peer is interested in. <p>For servers this is the sequence of protocols to advertise as supported, in order of preference. This list is sent unencrypted to all clients that support ALPN. <p>For clients this is a list of supported protocols to match against the server's list. If there is no protocol supported by both client and server then the first protocol in the client's list will be selected. The order of the client's protocols is otherwise insignificant. @param {Object {byte[][]}} protocols a non-empty list of protocol byte arrays. All arrays must be non-empty and of length less than 256. @hide */ setAlpnProtocols : function( ) {}, /**Returns the <a href="http://technotes.googlecode.com/git/nextprotoneg.html">Next Protocol Negotiation (NPN)</a> protocol selected by client and server, or null if no protocol was negotiated. @param {Object {Socket}} socket a socket created by this factory. @throws IllegalArgumentException if the socket was not created by this factory. */ getNpnSelectedProtocol : function( ) {}, /**Returns the <a href="http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-01">Application Layer Protocol Negotiation (ALPN)</a> protocol selected by client and server, or null if no protocol was negotiated. @param {Object {Socket}} socket a socket created by this factory. @throws IllegalArgumentException if the socket was not created by this factory. @hide */ getAlpnSelectedProtocol : function( ) {}, /**Sets the {@link KeyManager}s to be used for connections made by this factory. */ setKeyManagers : function( ) {}, /**Sets the private key to be used for TLS Channel ID by connections made by this factory. @param {Object {PrivateKey}} privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables TLS Channel ID). The private key has to be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1). @hide */ setChannelIdPrivateKey : function( ) {}, /**Enables <a href="http://tools.ietf.org/html/rfc5077#section-3.2">session ticket</a> support on the given socket. @param {Object {Socket}} socket a socket created by this factory @param {Boolean} useSessionTickets {@code true} to enable session ticket support on this socket. @throws IllegalArgumentException if the socket was not created by this factory. */ setUseSessionTickets : function( ) {}, /**Turns on <a href="http://tools.ietf.org/html/rfc6066#section-3">Server Name Indication (SNI)</a> on a given socket. @param {Object {Socket}} socket a socket created by this factory. @param {String} hostName the desired SNI hostname, null to disable. @throws IllegalArgumentException if the socket was not created by this factory. */ setHostname : function( ) {}, /**Sets this socket's SO_SNDTIMEO write timeout in milliseconds. Use 0 for no timeout. To take effect, this option must be set before the blocking method was called. @param {Object {Socket}} socket a socket created by this factory. @param {Number} timeout the desired write timeout in milliseconds. @throws IllegalArgumentException if the socket was not created by this factory. @hide */ setSoWriteTimeout : function( ) {}, /**{@inheritDoc} <p>This method verifies the peer's certificate hostname after connecting (unless created with {@link #getInsecure(int, android.net.SSLSessionCache)}). */ createSocket : function( ) {}, /**Creates a new socket which is not connected to any remote host. You must use {@link Socket#connect} to connect the socket. <p class="caution"><b>Warning:</b> Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.</p> */ createSocket : function( ) {}, /**{@inheritDoc} <p class="caution"><b>Warning:</b> Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.</p> */ createSocket : function( ) {}, /**{@inheritDoc} <p class="caution"><b>Warning:</b> Hostname verification is not performed with this method. You MUST verify the server's identity after connecting the socket to avoid man-in-the-middle attacks.</p> */ createSocket : function( ) {}, /**{@inheritDoc} <p>This method verifies the peer's certificate hostname after connecting (unless created with {@link #getInsecure(int, android.net.SSLSessionCache)}). */ createSocket : function( ) {}, /**{@inheritDoc} <p>This method verifies the peer's certificate hostname after connecting (unless created with {@link #getInsecure(int, android.net.SSLSessionCache)}). */ createSocket : function( ) {}, /** */ getDefaultCipherSuites : function( ) {}, /** */ getSupportedCipherSuites : function( ) {}, };